Data Source Check

The Data Source Check dashboard looks in your environment not just for the expected data, but also for the actual field extractions used by the free searches in Splunk Security Essentials, and gives you a checklist showing which searches you can use.

  1. The Data Source Check dashboard tells you what searches would be ready to run in your environment. Click Start Searches to get started.
  2. The dashboard will launch 60+ prerequisite tests. Each is really quick; the whole set should take less than 10 minutes and won’t overwhelm your Splunk environment.
  3. As the searches run, you will get back green checks or red exclamation points. A green check indicates that the prerequisite test found the exact data, sourcetypes, and fields that the detection is expecting.
  4. If you’ve run the dashboard checks in the past, you can always re-run them on your current data, or you can click Retrieve Result to pull back your last result.