Splunk Usage

Viewing Events

You can view logged events as soon as ITM On-Prem data collection is configured and enabled in the ObserveIT TA. From that point, the data is available to Splunk searches and reports.

Dashboards

The ObserveIT App provides a comprehensive dashboard to view summary information about risky users and applications as well as drilldowns and links to view recorded user sessions.

Note: Installation of the ObserveIT TA is a prerequisite for using the ObserveIT App.

Alerts Dashboard

The Alerts dashboard shows the top alerts and the top risky users and applications. All alerts are listed, each with a link that launches the ITM On-Prem (ObserveIT) player so you can play back the user’s session. The session column lets you drill down to the individual activities that comprise the alerted session.

If you want to view only the alert list, use the horizontal collapse bar to hide the pie views.

User Session Dashboard

The User Session dashboard shows the most active users and endpoints as well as the most used applications.

A summary view of each user session is available, including the start and end time of the session, the number of unique activities, and the user involved.

A link to the ITM On-Prem (ObserveIT) player to replay the session is also included.

A drilldown shows more details about the individual activities that comprise the session.

When the User Session dashboard is opened from an alert drilldown, you see only that single session’s activities.