Skip to main content

This article applies to Cloud.

Other available versions:

Version 6 | Version 5 | Version 4icon.qnmark.png

Available in:

StandardPremiumEnterprise
Small Business
Code42 Support

Code42 app for Splunk reference

This article applies to Cloud.

Other available versions:

Version 6 | Version 5 | Version 4icon.qnmark.png

Available in:

StandardPremiumEnterprise
Small Business

Overview

This article describes the dashboards available in the Code42 app for Splunk. Splunk is a solution for data analytics monitoring and visualization. The Code42 app for Splunk adds Code42-specific dashboards to Splunk Enterprise or Spunk Cloud.

To install the app, see Install and manage the Code42 app for Splunk.

Considerations

Access the Code42 app for Splunk

  1. Start Splunk Enterprise or start Splunk Cloud.
  2. On your Splunk home page, click the Code42 app for Splunk button:
    Code42 App For Splunk button

Overview dashboard

The Overview dashboard provides a high-level look at data in your Code42 environment. 

To access the Overview dashboard, click Overview on the menu bar.

Overview dashboard

Mouse over data to access Splunk search
Float your mouse over any pane in the dashboard and click the search icon Splunk search icon to perform a Splunk search on the data point. You can also click a segment in a pie chart to perform a search on that data. 
Item   Description
a Splunk menu bar Default menu bar in Splunk. For usage, see Splunk documentation.
b Overview See a snapshot of data about your Code42 environment, including the number of users, devices, backups, and alerts.
c Instance See data about devices in your Code42 environment, including device status and restore forensics.
d Security See security-related data, including removable media, restores, and file uploads.
e About See information about the Code42 app for Splunk.
f Administration Configure and monitor the health of the Code42 app for Splunk.
g Splunk menu Provides access to Splunk functionality that you can use to analyze data in your Code42 environment.
h Hide the Code42 app for Splunk menu bar.
i Edit Edit the layout of the dashboard.
j Export

Export data from the dashboard with the following options:

  • Export PDF
  • Schedule PDF Delivery
  • Print
k ...

Perform actions on the current dashboard.

Item Description
Edit Permissions Set who has permissions to the dashboard.
Convert to HTML Convert the dashboard to HTML.
Clone Clone the dashboard.
Set as Home Dashboard Set the current dashboard as the home dashboard in the Code42 app for Splunk.

 

l Time Window Set the time range to locate data. The default is Last 24 hours.
m Submit Submit the selected time range to return data.
n Hide Filters Hide the time-range filters.
o Stats count

Displays a count of the number of users, devices, and restores in the time range specified.

p Total Bytes Displays the amount of backed up data and the amount selected for backup.
q Inactive/Active Devices Displays the number of active, deactivated, and deauthorized devices.
r

Completed Backups By Severity

Displays the time since a backup was performed, sorted by severity.
s Total Bytes by Target Displays the amount of data stored and selected for storage per backup destination.
t Server Alerts by Severity Displays the number of server alerts by severity level.
u Server Alerts by Type Displays the number of server alerts by alert type.
v Server Alert Details Shows details of each alert, including alert type and severity.

Instance dashboards

The Instance menu allows you to open the following dashboards about devices:

Device Overview

The Device Overview dashboard provides data about devices running the Code42 app.

To access the Device Overview dashboard, click Instance > Device Overview on the menu bar.

Device Overview dashboard

Item   Description
a Device by Status Active, deactivated, and deauthorized devices.
b User by Organization User breakdown by organization.
c Device by OS (w/version) Devices by operating system versions.
d Device by OS and Java Version Devices by operating system versions and Java versions.
e Device by OS and Client Version Devices by operating system and Code42 app versions.
f Device by Backup Target Devices by backup destination.
g Last Backups Per Client The last time since a device performed a backup (sorted by severity).

Device Status Report

The Device Status Report dashboard provides detailed data on the state of devices running the Code42 app.

To access the Device Status Report dashboard, click Instance > Device Status Report on the menu bar.
Device Status Report dashboard

Device Restore Report

The Device Restore Report dashboard provides data about individual file restores. For summary data about file restores all across your environment, see the Restore Forensics dashboard.

To access the Device Restore Report dashboard, click Instance > Device Restore Report on the menu bar.

Device Restore Report dashboard

Security dashboards

The Security menu allows you to open dashboards related to endpoint monitoring:

Security Overview

The Security Overview dashboard provides provides data on security-related events in the Code42 environment, and includes data obtained from endpoint monitoring

To access the Security Overview dashboard, click Security > Security Overview on the menu bar.

Security Overview dashboard

Item   Description
a Number of Devices by  Security Event Type The number of devices involved in security events arranged by type of event.
b Top 10 Users (most events) The top 10 users responsible for security events.
c Events over Time by Type Breakdown of security events displayed by date when the event occurred.

Removable Media

The Removable Media dashboard provides data on events when removable media are used in the Code42 environment.

To access the Removable Media dashboard, click Security > Removable Media on the menu bar.

Removable Media dashboard

Item   Description
a Removable Event Type - Size Breakdown Breakdown of the number of files and amount of data moved to or from removable media.
b Removable Event Type Breakdown - Device File Events Specific events when files were moved to or from removable media.
c Removable Event Type Breakdown Breakdown of removable media events by type.
d Top 10 Uers The top 10 users using removable media.
e Devices Appearing Devices using removable media.
f Device File Activity Removable media file activity per device.

Cloud Service

The Cloud Service dashboard shows activity of devices syncing files with cloud service applications.

To access the Cloud Service dashboard, click Security > Cloud Service on the menu bar.

Cloud Service dashboard

Item   Description
a Cloud Event Type - Size Breakdown Breakdown of cloud service events shown by date.
b Event Type Breakdown - Cloud File Events Breakdown of cloud service events shown by service provider and date.
c Cloud Service Provider Breakdown Breakdown of the number of different cloud service provider events.
d Top 10 Users By Provider The top 10 users with cloud service events, listing the cloud service provider used in each event.
e Top 10 Users Overall The top 10 users overall with cloud service provider events.
f Cloud File Activity Details on individual cloud service events.

Restore Forensics

The Restore Forensics dashboard provides summary data about file restore activity all across your environment. For information about specific, individual restores, see the Device Restore Report dashboard. 

To access the Restore Forensics dashboard, click Security > Restore Forensics on the menu bar.

Restore Forensics dashboard

Item   Description
a Restore Types Source of file restore (client, web, or push).
b Quick Stats A count of the number of bytes, files, and sources of file restores.
c Top 10 Users
(by # files)
The top 10 users broken down by the number of files restored.
d Restores - Size Breakdown File restores by size and date.
d By Source Computer File restores by device.
f Restore Details Data on individual file restore events.

File Upload

The File Upload dashboard provides data on file upload events detected by endpoint monitoring.
"File upload" is known as "Browser activity" in Code42 version 6.x. 

To access the File Upload dashboard, click Security > File Upload on the menu bar.

Splunk_3.0_File_Upload_dashboard.png

Item   Description
a Files Opened - Size Breakdown Files opened in web browsers for upload or download shown by size of event.
b Top 10 Users Overall Top 10 users who opened files in web browsers for upload or download.
c Files Opened Specific events of files opened in web browsers for upload or download.

About dashboard

The About dashboard provides information about the Code42 app for Splunk provided by the app maker Aplura (www.aplura.com).

To access the About dashboard, click About on the menu bar.

Administration dashboards

The Administration menu allows you to open the following dashboards:

Application Configuration

The Application Configuration dashboard allows you to configure the Code42 app for Splunk.

To access the Application Configuration dashboard, click Administration > Application Configuration on the menu bar.

Splunk 3.0 Application Configuration dashboard

Item   Description
a Create New Code42 Input Create an input for a host from which you want to obtain data.
b Create New Proxy Create a proxy configuration for connecting to a host.
c Create New Credential Create a new encrypted credential that you can assign to an input or proxy.
d Details View details on the inputs, proxies, or credentials.

Application Health Overview

The Application Health Overview dashboard provides data on the status of of the Code42 app for Splunk.

To access the Application Health Overview dashboard, click Administration > Application Health Overview on the menu bar.

Application Health Overview dashboard

Item   Description
a Last checkpoint

The last time health status of the Code42 app for Splunk was checked for each host input.

To view the checkpoint times, click Submit to the right of the Time Restriction field at the top of the dashboard.

b Last 5 event retrieval results The five most recent health events.
To select the host input to retrieve, click the Host Input dropdown arrow.
c API Error Count Count of the errors arising from APIs for the Code42 app for Splunk.
Click the host name for error details.
d Error summary List of errors by date and time, including error messages.

Splunk menu options

The Splunk menu provides quick access to Splunk functions.

Splunk menu

Menu option Description
Search Find data provided by the Code42 app for Splunk using Splunk search.
Datasets Collect data with Splunk datasets.
Reports Create saved searches with Splunk reporting.
Alerts Receive notifications about events in your Code42 environment with Splunk alerts.
Dashboards Provides access to the Code42 app for Splunk dashboards and allows you to edit them (for example, edit panels and set permissions).
  • Was this article helpful?