
Tuesday, March 12, 2024

03_PS_Splunk 9 Building Reports, Dashboards, and Alerts

 


Table of Contents

1 Course Overview

2 Introduction to Splunk Reports and Dashboards

2.1 Learning About Transforming Commands

2.2 Using Transforming Commands

2.3 Reporting in Splunk

2.4 Creating Reports

2.5 Creating Reports in Splunk

3 Building Splunk Dashboards

3.1 Building Splunk Dashboards

3.2 Customizing Splunk Dashboards

3.3 Creating Dashboards with Visualizations and Drilldowns

3.4 Adding Additional Configurations

3.5 Optimizing Splunk Dashboards

3.5.1 Reporting Acceleration

3.6 Configuring Additional Options

3.7 Managing Splunk Dashboards

4 Creating Alerts in Splunk

4.1 Creating Alerts in Splunk

4.2 Creating Scheduled Reports and Alerts

4.3 Detailing Advanced Alert Actions

4.4 Configuring Advanced Alert Actions

4.5 Wrapping up Splunk Reports, Dashboards, and Alerts


  1. Course Overview

Joe Abraham, www.defendthenet.com

2 Introduction to Splunk Reports and Dashboards

2.1 Learning About Transforming Commands



2.2 Using Transforming Commands

2.3 Reporting in Splunk



index=main EventCode!=0

| table EventCode,ComputerName


index=main EventCode!=0 | table Eventcode > eventcode not displaying ???





2.4 Creating Reports



The time picker is included by default in reports; we can remove it.





2.5 Creating Reports in Splunk

3 Building Splunk Dashboards

3.1 Building Splunk Dashboards





3.2 Customizing Splunk Dashboards






3.3 Creating Dashboards with Visualizations and Drilldowns

  • Login – Search & Reports – Dashboards 



Create New Dashboards



Classic Dashboard

Add Panel






3.4 Adding Additional Configurations

Add Input


We can view, import, or modify the source code by clicking Source.


UI = User Interface

Source = source code 

Add Panel

Add Input


Edit Drilldown – clicking a value goes to another search page with the clicked value.


Token






3.5 Optimizing Splunk Dashboards


3.5.1 Reporting Acceleration

Settings – Searches, reports, and alerts – Edit for the report – Edit Acceleration



An accelerated report is marked with a symbol.


We can edit the dashboard by clicking Dashboards – Edit.



We can clone the Classic Dashboard to Dashboard Studio.



Cloned one is



3.6 Configuring Additional Options

If we clone to Dashboard Studio, data source names are not cloned; they show as unnamed.

Dashboard Studio


The dashboard is good and has more options.

3.7 Managing Splunk Dashboards



4 Creating Alerts in Splunk

4.1 Creating Alerts in Splunk



4.2 Creating Scheduled Reports and Alerts





??? index – here we send to existing index – know more



4.3 Detailing Advanced Alert Actions



Webhook – 



Logging and Indexing





4.4 Configuring Advanced Alert Actions

Alert to lookup table

4.5 Wrapping up Splunk Reports, Dashboards, and Alerts





