Splunk App that provides some dashboards for Windows WEC telemetry data retrieved using the Windows WEC Add-On

darizotas/ta_windows_wec_app

TA_windows_wec_app Splunk App

This App for Splunk provides dashboards for Windows WEC (Windows Event Collector) telemetry data retrieved using the Windows WEC Add-On.

Dashboards:

  • Overview shows the relationship between hosts (WEC servers) and the configured subscriptions.
  • Details provides the details of the subscriptions configured in a host (WEC server).
  • Runtime provides the runtime status of a given subscription configured in a host (WEC server).
  • Registry provides the status of the registry pruning of a given subscription configured in a host (WEC server).

Requirements

The Overview dashboard requires the installation of the visualization Sankey Diagram.

Configuration

The dashboards use the macro windows_wec_default_index to determine which index to search. By default, it uses windows*. Change the index name in the macro if needed.

Credits