This article describes the dashboards available in the Code42 app for Splunk. Splunk is a solution for data analytics monitoring and visualization. The Code42 app for Splunk adds Code42-specific dashboards to Splunk Enterprise or Spunk Cloud.
To install the app, see Install and manage the Code42 app for Splunk.
- This article describes only the Code42 app for Splunk. Another way to view Code42 information in Splunk is to integrate Code42 APIs with your Splunk Enterprise. For more information, see Code42 API integration with Splunk Enterprise.
- This article describes the dashboards in the Code42 app for Splunk version 3.0. For information on previous versions, see the article on Code42 app for Splunk installation.
- To use the Code42 app for Splunk version 3.0, you must have an existing Splunk Enterprise 6.5 or later environment or a Splunk Cloud environment.
Access the Code42 app for Splunk
The Overview dashboard provides a high-level look at data in your Code42 environment.
To access the Overview dashboard, click Overview on the menu bar.
Float your mouse over any pane in the dashboard and click the search icon to perform a Splunk search on the data point. You can also click a segment in a pie chart to perform a search on that data.
|a||Splunk menu bar||Default menu bar in Splunk. For usage, see Splunk documentation.|
|b||Overview||See a snapshot of data about your Code42 environment, including the number of users, devices, backups, and alerts.|
|c||Instance||See data about devices in your Code42 environment, including device status and restore forensics.|
|d||Security||See security-related data, including removable media, restores, and file uploads.|
|e||About||See information about the Code42 app for Splunk.|
|f||Administration||Configure and monitor the health of the Code42 app for Splunk.|
|g||Splunk menu||Provides access to Splunk functionality that you can use to analyze data in your Code42 environment.|
|h||—||Hide the Code42 app for Splunk menu bar.|
|i||Edit||Edit the layout of the dashboard.|
Export data from the dashboard with the following options:
Perform actions on the current dashboard.
|l||Time Window||Set the time range to locate data. The default is Last 24 hours.|
|m||Submit||Submit the selected time range to return data.|
|n||Hide Filters||Hide the time-range filters.|
Displays a count of the number of users, devices, and restores in the time range specified.
|p||Total Bytes||Displays the amount of backed up data and the amount selected for backup.|
|q||Inactive/Active Devices||Displays the number of active, deactivated, and deauthorized devices.|
Completed Backups By Severity
|Displays the time since a backup was performed, sorted by severity.|
|s||Total Bytes by Target||Displays the amount of data stored and selected for storage per backup destination.|
|t||Server Alerts by Severity||Displays the number of server alerts by severity level.|
|u||Server Alerts by Type||Displays the number of server alerts by alert type.|
|v||Server Alert Details||Shows details of each alert, including alert type and severity.|
The Instance menu allows you to open the following dashboards about devices:
The Device Overview dashboard provides data about devices running the Code42 app.
To access the Device Overview dashboard, click Instance > Device Overview on the menu bar.
|a||Device by Status||Active, deactivated, and deauthorized devices.|
|b||User by Organization||User breakdown by organization.|
|c||Device by OS (w/version)||Devices by operating system versions.|
|d||Device by OS and Java Version||Devices by operating system versions and Java versions.|
|e||Device by OS and Client Version||Devices by operating system and Code42 app versions.|
|f||Device by Backup Target||Devices by backup destination.|
|g||Last Backups Per Client||The last time since a device performed a backup (sorted by severity).|
Device Status Report
The Device Status Report dashboard provides detailed data on the state of devices running the Code42 app.
To access the Device Status Report dashboard, click Instance > Device Status Report on the menu bar.
Device Restore Report
The Device Restore Report dashboard provides data about individual file restores. For summary data about file restores all across your environment, see the Restore Forensics dashboard.
To access the Device Restore Report dashboard, click Instance > Device Restore Report on the menu bar.
The Security menu allows you to open dashboards related to endpoint monitoring:
The Security Overview dashboard provides provides data on security-related events in the Code42 environment, and includes data obtained from endpoint monitoring.
To access the Security Overview dashboard, click Security > Security Overview on the menu bar.
|a||Number of Devices by Security Event Type||The number of devices involved in security events arranged by type of event.|
|b||Top 10 Users (most events)||The top 10 users responsible for security events.|
|c||Events over Time by Type||Breakdown of security events displayed by date when the event occurred.|
The Removable Media dashboard provides data on events when removable media are used in the Code42 environment.
To access the Removable Media dashboard, click Security > Removable Media on the menu bar.
|a||Removable Event Type - Size Breakdown||Breakdown of the number of files and amount of data moved to or from removable media.|
|b||Removable Event Type Breakdown - Device File Events||Specific events when files were moved to or from removable media.|
|c||Removable Event Type Breakdown||Breakdown of removable media events by type.|
|d||Top 10 Uers||The top 10 users using removable media.|
|e||Devices Appearing||Devices using removable media.|
|f||Device File Activity||Removable media file activity per device.|
The Cloud Service dashboard shows activity of devices syncing files with cloud service applications.
To access the Cloud Service dashboard, click Security > Cloud Service on the menu bar.
|a||Cloud Event Type - Size Breakdown||Breakdown of cloud service events shown by date.|
|b||Event Type Breakdown - Cloud File Events||Breakdown of cloud service events shown by service provider and date.|
|c||Cloud Service Provider Breakdown||Breakdown of the number of different cloud service provider events.|
|d||Top 10 Users By Provider||The top 10 users with cloud service events, listing the cloud service provider used in each event.|
|e||Top 10 Users Overall||The top 10 users overall with cloud service provider events.|
|f||Cloud File Activity||Details on individual cloud service events.|
The Restore Forensics dashboard provides summary data about file restore activity all across your environment. For information about specific, individual restores, see the Device Restore Report dashboard.
To access the Restore Forensics dashboard, click Security > Restore Forensics on the menu bar.
|a||Restore Types||Source of file restore (client, web, or push).|
|b||Quick Stats||A count of the number of bytes, files, and sources of file restores.|
|c||Top 10 Users (by # files)||The top 10 users broken down by the number of files restored.|
|d||Restores - Size Breakdown||File restores by size and date.|
|d||By Source Computer||File restores by device.|
|f||Restore Details||Data on individual file restore events.|
The File Upload dashboard provides data on file upload events detected by endpoint monitoring.
"File upload" is known as "Browser activity" in Code42 version 6.x.
To access the File Upload dashboard, click Security > File Upload on the menu bar.
|a||Files Opened - Size Breakdown||Files opened in web browsers for upload or download shown by size of event.|
|b||Top 10 Users Overall||Top 10 users who opened files in web browsers for upload or download.|
|c||Files Opened||Specific events of files opened in web browsers for upload or download.|
The About dashboard provides information about the Code42 app for Splunk provided by the app maker Aplura (www.aplura.com).
To access the About dashboard, click About on the menu bar.
The Administration menu allows you to open the following dashboards:
The Application Configuration dashboard allows you to configure the Code42 app for Splunk.
To access the Application Configuration dashboard, click Administration > Application Configuration on the menu bar.
|a||Create New Code42 Input||Create an input for a authority server from which you want to obtain data.|
|b||Create New Proxy||Create a proxy configuration for connecting to a authority server.|
|c||Create New Credential||Create a new encrypted credential that you can assign to an input or proxy.|
|d||Details||View details on the inputs, proxies, or credentials.|
Application Health Overview
The Application Health Overview dashboard provides data on the status of of the Code42 app for Splunk.
To access the Application Health Overview dashboard, click Administration > Application Health Overview on the menu bar.
The last time health status of the Code42 app for Splunk was checked for each authority server input.
To view the checkpoint times, click Submit to the right of the Time Restriction field at the top of the dashboard.
|b||Last 5 event retrieval results||The five most recent health events.
To select the authority server input to retrieve, click the Host Input dropdown arrow.
|c||API Error Count||Count of the errors arising from APIs for the Code42 app for Splunk.
Click the host name for error details.
|d||Error summary||List of errors by date and time, including error messages.|
Splunk menu options
The Splunk menu provides quick access to Splunk functions.
|Search||Find data provided by the Code42 app for Splunk using Splunk search.|
|Datasets||Collect data with Splunk datasets.|
|Reports||Create saved searches with Splunk reporting.|
|Alerts||Receive notifications about events in your Code42 environment with Splunk alerts.|
|Dashboards||Provides access to the Code42 app for Splunk dashboards and allows you to edit them (for example, edit panels and set permissions).|