Discover new use cases and capabilities

Explore Splunk capabilities on the Use case discovery dashboard

The Use case discovery dashboard

This dashboard enables you to see how your data maps to Splunk Lantern use cases and helps you explore capabilities related to those use cases.

A use case capability is a specific analytic function or solution. The Value Insights feature uses the data already ingested in your Splunk environment to identify capabilities, mapping your sourcetypes to Splunk Lantern use cases. You can think of each capability as an opportunity to improve business and operational outcomes by leveraging your existing data more effectively.

See the following table to learn about the features of this dashboard.

| Panel | Description |
| --- | --- |
| Use case capabilities supported by data | The number of use cases that you can implement, based on the data in your environment. |
| Top categories to expand | A summary of the categories with the most capabilities that you can implement. |
| Your bookmarked capabilities | Capabilities that you have bookmarked. Bookmark a capability to prioritize it for later implementation. |

Use case capability details

This table lists all use case capabilities that you have implemented or are ready to implement. Click the tabs at the top of the table to view All capabilities, Ready to implement capabilities, Implemented capabilities, and Bookmarked capabilities. You can further filter the table by Domains and Category from the drop-down menus.

| Column | Description |
| --- | --- |
| Capability name | The name of the capability, as defined by Splunk Lantern. |
| Implementation status | May be Implemented or Ready to implement. |
| Mark as implemented | A manual toggle to mark whether you have implemented the capability. This status is saved at the stack level. Note: Switching the toggle does not automatically implement the capability. For implementation steps, refer to the capability's documentation. For more information, see Identify and implement a use case capability. |
| Domain | A domain is a high-level class of use case types. The domains are Platform, Security, Observability, and Unclassified (not currently mapped to a known domain). |
| Category | Use cases include Anomaly Detection, Security Monitoring, Threat Hunting, Compliance, Incident Management, Troubleshooting Mission-Critical Apps, and more. |
| Action | Available actions, including a link to the Splunk Lantern documentation for the capability, where you can learn the implementation steps, and a bookmark icon to mark capabilities that you are interested in. Bookmarks are saved at the stack level. |

Identify and implement a use case capability

Use the Use case discovery dashboard to identify and implement a new use case capability.

The Use case discovery dashboard uses the data already ingested in your Splunk environment to identify analytic functions or solutions that you can implement in your environment. To use the dashboard to identify and implement a use case, follow these steps.
  1. Locate the capability that you want to use in the Use case capability details table. Filter the table with the tabs and the drop-down menus to refine your search.
  2. In the Action column, click the link to the capability's documentation in Splunk Lantern.
  3. Follow the steps in the Lantern documentation to implement the capability.
  4. When you have finished implementing the capability, return to the dashboard and use the Mark as implemented toggle in the table to show that the implementation is complete.

For example, when you review the list of capabilities, you decide that you want to implement the capability for the "Expected host not reporting events" use case. You bookmark this capability so that you can quickly refer to it later. Clicking the documentation link in the Action column takes you to the page for that use case. You follow the steps on that page to implement the capability. When you have completed this work and are satisfied with the results, you return to the Use case discovery dashboard and mark the capability as implemented.