Web Center and Network Changes dashboards
Web Center
You can use the Web Center dashboard to profile web traffic events in your deployment. This dashboard reports on web traffic gathered by Splunk from proxy servers. It is useful for troubleshooting potential issues such as excessive bandwidth usage, or proxies that are no longer serving content for proxy clients. You can also use the Web Center to profile the type of content that clients are requesting, and how much bandwidth is being used by each client.
You can configure new data inputs through Splunk Settings, or search for particular traffic events directly through Incident Review. Use the filters at the top of the screen to limit which items are shown. Filters do not apply to Key Indicators.
| Filter by | Description | Action |
|---|---|---|
| Business Unit | A group or department classification for the identity. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Category | Filter based on the categories to which the host belongs. | Drop-down: select to filter by |
| Time Range | Select the time range to represent. | Drop-down: select to filter by |
Dashboard Panels
| Panel | Description |
|---|---|
| Key Indicators | Displays the metrics relevant to the dashboard sources over the past 48 hours. Key indicators represent summary information and appear at the top of the dashboard. See Key indicators in Splunk Enterprise Security. |
| Events Over Time by Method | Shows the total number of proxy events over time, aggregated by Method, or the HTTP method requested by the client (POST, GET, CONNECT, etc.). |
| Events Over Time by Status | Shows the total number of proxy events, aggregated by Status, or the HTTP status of the response. |
| Top Sources | Sources associated with the highest volume of network traffic. This is useful for identifying sources that are using an excessive amount of network traffic (for example, file-sharing hosts), or frequently-requested destinations generating large amounts of network traffic (for example, YouTube or Pandora). |
| Top Destinations | Destinations associated with the highest volume of network traffic. This is useful for identifying sources that are using an excessive amount of network traffic (for example, file-sharing hosts), or frequently-requested destinations generating large amounts of network traffic (for example, YouTube or Pandora). |
Web Search
The Web Search dashboard assists in searching for web events that are of interest based on the criteria defined by the search filters. The dashboard is used in ad-hoc searching of web data, but is also the primary destination for drilldown searches used in the Web Search dashboard panels.
The Web Search dashboard displays no results unless it is opened in response to a drilldown action, or you update a filter, select a time range, and click Submit.
| Filter by | Description | Action |
|---|---|---|
| HTTP Method | Filter based on HTTP Method. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| HTTP Status | Filter based on HTTP Status code. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Source | Filter based on source IP or name. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Destination | Filter based on destination IP or name. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| URL | Filter based on URL details. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Time Range | Select the time range to view. | Drop-down: select to filter by |
Network Changes
Use the Network Changes dashboard to track configuration changes to firewalls and other network devices in your environment. This dashboard helps to troubleshoot device problems; frequently, when firewalls or other devices go down, this is due to a recent configuration change.
| Filter by | Description | Action |
|---|---|---|
| Business Unit | A group or department classification for the identity. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Category | Filter based on the categories to which the host belongs. | Drop-down: select to filter by |
| Time Range | Select the time range to represent. | Drop-down: select to filter by |
Dashboard Panels
| Panel | Description |
|---|---|
| Network Changes by Action | Shows all changes to the devices by the type of change, or whether a device was added, deleted, modified, or changed. The drilldown opens the "New Search" dashboard and searches on the selected action and time range. |
| Network Changes by Device | Shows all devices that have been changed as well as the number of the changes, sorted by the devices with the highest number of changes. The drilldown opens the "New Search" dashboard and searches on the selected device and time range. |
| Recent Network Changes | Shows a table of the most recent changes to network devices in the last day. |
Troubleshooting
This dashboard references data from various data models. Without the applicable data, the dashboards will remain empty. See Troubleshoot dashboards in Splunk Enterprise Security in Administer Splunk Enterprise Security.