Splunk App that provides some dashboards for Windows WEC telemetry data retrieved using the Windows WEC Add-On

GNU General Public License v3.0 (GPL-3.0)

TA_windows_wec_app Splunk App

This app for Splunk provides dashboards for Windows WEC telemetry data retrieved using the Windows WEC Add-On.

Dashboards:

  • Overview shows the relationship between hosts (WEC servers) and the configured subscriptions.
  • Details provides the details of the subscriptions configured on a host (WEC server).
  • Runtime provides the runtime status of a given subscription configured on a host (WEC server).
  • Registry provides the status of the registry pruning of a given subscription configured on a host (WEC server).

Requirements

The Overview dashboard requires the Sankey Diagram visualization to be installed.

Configuration

The dashboards use the macro windows_wec_default_index to select the index to search. By default, it uses windows*. Change the index name in the macro if needed.

Credits