Splunk Enterprise Security

Do we have an option in Splunk Enterprise Security to check the command output?

sahiltcs
Path Finder

We created a dashboard in Splunk Enterprise Security where we can see the command status and risk score for those commands.

Do we have an option in Splunk Enterprise Security where we can see the output of that particular command? For example, I click the status of one command to see the events and it will tell me the status of the command output.

0 Karma
1 Solution

FrankVl
Ultra Champion

Sounds like you want to create a specific drilldown on your dashboard? See: https://docs.splunk.com/Documentation/Splunk/latest/Viz/Drilldownintro

0 Karma

sahiltcs
Path Finder

No, actually I need to check the status of the output of that particular command. Like in the other application, if we click the command rating we can see the complete details, like the output of the command, source, etc.

Here, when I click a command, I can see the events only.

Any thoughts?

0 Karma

FrankVl
Ultra Champion

A bit more clarity on exactly what you are looking for would indeed help.

Is the data you are after in Splunk already? If so: write a search that finds it and then tokenize it and configure it as a custom drilldown for your dashboard.

0 Karma

sahiltcs
Path Finder

Yes, the data is already in Splunk, which monitors the session ID and the commands running on the Unix server. In the other application, PSRS, I can see the output of a particular command when I select the command. But in Splunk, when I click the commands which are monitored in Splunk and displayed in the dashboard, I am not able to see the output of the command.

0 Karma

FrankVl
Ultra Champion

If you want to see the output of the command in Splunk by clicking on it, you need two things:

  • get that data (the command output) into Splunk
  • define a search that returns that data and configure that as your drilldown search
0 Karma

sahiltcs
Path Finder

Thanks for the solution 🙂

0 Karma

lakshman239
SplunkTrust

What do you mean by command? What other dashboard/application are you referring to, where it shows the details you want?

0 Karma

sahiltcs
Path Finder

In the dashboard I can see the commands that are running for a particular session.

Session ID, commands run on the Unix server that are monitored in Splunk, session start time, start end time: these are the columns showing in the dashboard from the last 24 hours of data.

In the other application, PSRS, I can see the output of a command when I click, but in Splunk I am not able to see this option.

Let me know if you understand my question.

0 Karma