Activity Feed
- Karma Re: How to grab all data that Splunk is collecting in a readable format for executives to review for PickleRick. 01-23-2025 08:09 AM
- Karma Re: How to grab all data that Splunk is collecting in a readable format for executives to review for gcusello. 01-23-2025 08:05 AM
- Posted Re: How to grab all data that Splunk is collecting in a readable format for executives to review on Dashboards & Visualizations. 01-23-2025 07:45 AM
- Karma Re: How to grab all data that Splunk is collecting in a readable format for executives to review for richgalloway. 01-23-2025 07:35 AM
- Posted How to grab all data that Splunk is collecting in a readable format for executives to review on Dashboards & Visualizations. 01-23-2025 06:59 AM
01-23-2025 07:45 AM
I totally understand where you are coming from and what you are saying. Alas, I think at this point in time management is attempting to understand what Splunk is collecting so that we can better understand what Splunk might be potentially missing (such as when someone stands up a server and doesn't tell someone). I have broken metrics down by time in a more readable format (like the last 30 minutes or 24 hours) to test the SPL queries that I've been attempting. That is why I have been focused on organizing the data by Host, Sourcetype, Source, and Index, so that I could capture everything but understand the resource intensity associated with it. Additionally, I created a dashboard studio that showcases each data point listed above in its own tab; it still showcases everything but isn't in one instance or table.
01-23-2025 06:59 AM
Hello Splunk Community,

I am very new to Splunk and was given the following task and could really use some help: to gather all data that Splunk is collecting and put it in a visually readable format for executives.

I have been trying very many things to accomplish this, such as using Enterprise Security > Audit > Index Audit and Forwarder Audit, and trying to create custom classic dashboards and using Dashboard Studio to play around with the data. Nothing seems to give me what I need. I have also tried the following:

```
| tstats values(source) as sources, values(sourcetype) as sourcetype where index=* by host
| lookup dnslookup clienthost as host OUTPUT clientip as src_ip
```

This method is very resource intensive and provides me with the information I need, but the Source and Sourcetypes are incredibly long and make the table not easy to read for executives. Is there another way to do this?
Labels: chart, Classic dashboard, Dashboard Studio, table