Splunk Security Essentials (SSE) includes a machine-learning-driven dashboard that tracks the typical data ingest latency of the products configured in SSE (effectively, how slow the logs normally are). When a log source slows down, the dashboard color-codes it, and you can click it to see which detections are at risk.
- The Data Availability dashboard shows you the products in your environment and the most recent latency seen from each of them.
- If you click on a product, it tells you which detections depend on it, along with the expected latency.
- The dashboard also reports a variety of errors if you have any configuration issues.
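
The idea behind the dashboard, sketched as an added Python example that is not SSE's own code or algorithm: baseline each product's ingest latency, color-code the latest reading against it, and list the detections that depend on any product that is not healthy. The median/MAD baseline, the thresholds, the product and detection names, and the sample latencies are all constructed assumptions.

```python
from statistics import median

# Constructed sample data (not from SSE): ingest latency in seconds,
# i.e. the time a log was indexed minus the time the event occurred.
HISTORY = {
    "firewall": [20, 25, 22, 30, 24, 26, 21],
    "edr": [60, 75, 65, 70, 68, 72, 66],
    "proxy": [5, 6, 4, 7, 5, 6, 5],
}
LATEST = {"firewall": 27, "edr": 900, "proxy": 6}
# Hypothetical detections and the products each one depends on.
DETECTIONS = {
    "Lateral movement via remote services": ["edr", "firewall"],
    "Beaconing to rare domain": ["proxy"],
    "Ransomware file activity": ["edr"],
    "Cloud console login anomaly": ["cloudtrail"],  # product with no data
}

def baseline(samples):
    """Robust 'typical latency': median and median absolute deviation."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad

def classify(latest, samples, warn=3.0, crit=6.0):
    """Color-code the latest latency against the product's own baseline."""
    if latest is None or not samples:
        return "unknown"  # nothing to compare: surface as a config issue
    med, mad = baseline(samples)
    score = (latest - med) / max(mad, 1.0)  # floor avoids divide-by-zero
    return "red" if score >= crit else "yellow" if score >= warn else "green"

def at_risk(history, latest, detections):
    """Return per-product status and detections tied to slow or unknown products."""
    products = set(history) | {p for deps in detections.values() for p in deps}
    status = {p: classify(latest.get(p), history.get(p, [])) for p in products}
    risk = {}
    for name, deps in detections.items():
        bad = sorted(p for p in deps if status[p] != "green")
        if bad:
            risk[name] = bad
    return status, risk

if __name__ == "__main__":
    status, risk = at_risk(HISTORY, LATEST, DETECTIONS)
    for product, color in sorted(status.items()):
        print(f"{product:10} {color}")
    for name, deps in risk.items():
        print(f"at risk: {name} (depends on {', '.join(deps)})")
```

Using the median and MAD rather than the mean keeps one past outage from inflating the baseline and hiding the next slowdown.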