-
Notifications
You must be signed in to change notification settings - Fork 331
/
essoc_usage_dashboard.txt
51 lines (28 loc) · 2.38 KB
/
essoc_usage_dashboard.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
######################
ESSOC Usage Dashboard#
######################
The ESSOC Usage dashboard is designed to provide high-level insight into the usage of the ES-SOC app. It is suitable for display when providing feedback to the Splunk team or for identifying how the ES-SOC app is being used. This dashboard has two time selectors that work independently - the top time selector determines the search time range for all the single-value. And the lower time selector, determines the time range for the usage table.
IMPORTANT: The user loading this dashboard must have permission to search the _audit index
##################
#Dashboard panels#
##################
Searches Ran
The total number of searches in ES-SOC that were executed. This number includes scheduled searches and ad hoc searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax
Unique Searches
The unique/distinct searches executed on the deployment. This is equivalent to the distinct count of searches run in the ES-SOC app.
Most Run
The total number of searches in ES-SOC that were executed. This number includes scheduled searches and ad hoc searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax.
Ad hoc Searches
The total number of searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax.
Scheduled
The total number of ESSOC searches run that were scheduled.
Most Active User
The user who executed the highest number/count of searches. This calculation includes scheduled searches and ad hoc searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax.
Search Run Time (seconds)
Total run time of all searches executed in seconds. This calculation includes scheduled searches and ad hoc searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax.
Average Run Time (seconds)
Average run time of all searches executed in seconds. This calculation includes scheduled searches and ad hoc searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax.
Max Run Time (seconds)
The run time of the longest running search. This calculation includes scheduled searches and ad hoc searches run from the search bar using the '| savedsearch <ESSOC search_name> ‘ syntax.
Search summary
This table provides details on each search that was executed in the ESSOC app.