Macros in Splunk App for Fraud Analytics
Splunk App for Fraud Analytics includes the following preconfigured macros. Use these macros instead of editing data models, dashboards and searches.
| Name | Description |
|---|---|
Fraud_webindexes__fraud_web |
Data sources for the fraud_web data model. |
datasources__fraud_account |
Data sources for the fraud_account data model. |
AF__app |
System name of the parent app (Splunk Enterprise Security). Used to generate link within notable events to the investigation dashboard. |
AF__dash__customer_accounts |
System name of the Customer Account Analysis dashboard. Used to generate link within notable events to the investigation dashboard. |
AF__dash__risk_exposure |
System name of the Risk Exposure dashboard. Used to generate link within notable events to the investigation dashboard. |
AF__dash__web_traffic |
System name of the Web Traffic Analysis dashboard. Used to generate link within notable events to the investigation dashboard. |
high_value_accounts |
List of VIP accounts. |
anon_get_numeric_id(2) |
Generates anonymized numeric ID. |
datasources__fraud_account |
Lists index(es) for new account fraud data model: fraud_account. |
high_value_accounts |
Lists special high value account that might require extra attention. |
indexes__fraud_web index IN ("firstfederal", "web_traffic") |
Lists index(es) for fraud data model: fraud_web. |
infields |
Lists some internal Splunk fields. |
random_in_range(2) |
Macro to generate random number within specified range |