Install and Configure: Reports

[this is for v4.0.x of the Recorded Future App for Splunk Enterprise]


The easiest way to adapt or add new reports is to go to Other -> Reports.

Other -> Reports

Then click on 'Open in Search' on the report you want to adapt.

Open in Search

This will send you to a search page with the current report's search populated.

Search bar

Here you can add or remove parts of the search. For example, we might want a report that only looks at logs with the log level 'ERROR' instead of all logs. One way to do this is to click on the field 'loglevel' in the left column and, if 'ERROR' is available as a value, click it. Otherwise, click on 'INFO' and 'loglevel=INFO' will automatically be added to the search bar.

Field values

Added to search bar

Just change 'INFO' to 'ERROR' and click search to view the results the report would be created from.

Change to ERROR

Depending on whether there have been any error logs so far, the result might be empty, but the search will still find any future error logs.

When you are happy with the search, click on the 'Save As' menu in the upper right corner, and then click on 'Report' to save the new search as a new report. Fill out the information and click on save, and you're done.

Save dialogue

Further help

Contact support@recordedfuture.com for additional assistance.

Please do not contact Splunk support about "Recorded Future for Splunk Enterprise".

 
