Splunk Enterprise Security

Do we have an option in Splunk Enterprise Security to check the command output?

Path Finder

We created a dashboard in Splunk Enterprise Security where we can see the command status and risk score for those commands.

Do we have an option in Splunk Enterprise Security where we can see the output of that particular command? For example, I click the status of one command to see the events, and it tells me the status of the command output.

0 Karma
1 Solution

Ultra Champion

Sounds like you want to create a specific drilldown on your dashboard? See: https://docs.splunk.com/Documentation/Splunk/latest/Viz/Drilldownintro


0 Karma


Path Finder

No, actually I need to check the status of the output of that particular command. Like in the other application, if we click the command rating we can see the complete details, like the output of the command, source, etc.

Here, when I click the command, I can see the events only.

Any thoughts?

0 Karma

Ultra Champion

A bit more clarity on exactly what you are looking for would indeed help.

Is the data you are after in Splunk already? If so: write a search that finds it and then tokenize it and configure it as a custom drilldown for your dashboard.

0 Karma

Path Finder

Yes, the data is already in Splunk, which monitors the session ID and the commands running on the Unix server. In the other application, PSRS, I can see the output of a particular command when I select the command. But in Splunk, when I click the commands which are monitored in Splunk and displayed in the dashboard, I am not able to see the output of the command.

0 Karma

Ultra Champion

If you want to see the output of the command in Splunk by clicking on it, you need two things:

  • get that data (the command output) into Splunk
  • define a search that returns that data and configure that as your drilldown search
0 Karma
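
The two steps from the answer above, sketched as a Simple XML dashboard (an added example, not part of the original thread). The index `unix_audit`, the sourcetypes `unix:cmd` and `unix:cmd_output`, and the fields `session_id`, `command` and `output` are assumptions; substitute whatever your command and command-output data actually use.

```xml
<dashboard>
  <label>Monitored Unix commands (example)</label>
  <row>
    <panel>
      <title>Commands per session, last 24 hours</title>
      <table>
        <search>
          <!-- Hypothetical index, sourcetype and field names -->
          <query>index=unix_audit sourcetype=unix:cmd
| stats min(_time) as start_time max(_time) as end_time by session_id command
| convert ctime(start_time) ctime(end_time)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <!-- Capture the clicked row's values as tokens -->
          <set token="sel_session">$row.session_id$</set>
          <set token="sel_command">$row.command$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <!-- Hidden until a row is clicked and the token is set -->
    <panel depends="$sel_session$">
      <title>Output of the selected command</title>
      <table>
        <search>
          <!-- The |s filter wraps the token value in quotes, so a command
               containing spaces, pipes or quotes cannot alter the search -->
          <query>index=unix_audit sourcetype=unix:cmd_output
session_id=$sel_session|s$ command=$sel_command|s$
| table _time host source session_id command output</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</dashboard>
```

The second panel returns nothing until the command output itself is indexed, which is the first of the two requirements listed above.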

Path Finder

Thanks for the solution 🙂

0 Karma

SplunkTrust

What do you mean by command? What other dashboard/application are you referring to, where it shows details as you want?

0 Karma

Path Finder

In the dashboard I can see that the commands running for a particular session are displayed.

Session ID, commands run on the Unix server that are monitored in Splunk, session start time, start end time: these are the columns shown in the dashboard from the last 24 hours of data.

In the other application, PSRS, I can see the output of a command when I click, but in Splunk I am not able to see this option.

Let me know if you understand my question.

0 Karma