Track data ingest latency with the Data Availability dashboard
The Data Availability dashboard is a machine learning-driven dashboard that tracks the typical data ingest latency of the products configured in Splunk Security Essentials. When a log source slows down, it is color coded in the dashboard, and you can click on it to see what detections are at risk.
Prerequisites
The Data Availability dashboard requires the Splunk Machine Learning Toolkit (MLTK). Verify that you have MLTK installed. See Install the Machine Learning Toolkit in the Splunk Machine Learning Toolkit User Guide.
Steps
- In Splunk Security Essentials, navigate to Data > Data Availability.
- Click Run Baseline Search.
- Click the log sources in the search results to see if there are any detections at risk for that specific source.