Creating a Dashboard for Jamf Protect Data
You can add your search results in panel form to a new dashboard or an existing dashboard, and then customize the dashboard to meet your organization's needs.
Customizing the Dashboard for Jamf Protect
You can do the following to customize Splunk dashboards:
Switch between light and dark mode.
Edit the layout of panels.
Edit the visualization of individual panels.
The following dashboard is an example of how you can customize a Jamf Protect dashboard:
For more information about customizing the dashboard, including instructions, see Dashboards and Visualizations documentation from Splunk.
Jamf Protect Search and Visualization Examples
This section contains examples of search and visualization pairs that can be used as a starting point to display your data in a dashboard.
The following examples use searches based on data collected from Jamf Protect for Splunk.
Logs and Alerts by Event Types
| Search | Visualization |
|---|---|
source = "http:Jamf Protect" | stats count by input.eventType | rename input.eventType AS "Event Type", input.match.facts{}.name AS "Event", count AS "Count" |
 |
Detected Analytics Count
| Search | Visualization |
|---|---|
source = "http:Jamf Protect" | stats count by input.eventType, input.match.facts{}.name | rename input.eventType AS "Event Type", input.match.facts{}.name AS "Event", count AS "Count" | sort Count desc | head 10 |
 |
Event Type Breakdown
| Search | Visualization |
|---|---|
source = "http:Jamf Protect" input.eventType="GPFSEvent" | stats count by input.match.facts{}.name | rename input.match.facts{}.name AS "Event", count AS "Count" |
 |
Executables Blocked by Gatekeeper
| Search | Visualization |
|---|---|
source = "http:Jamf Protect" input.eventType="GPGatekeeperEvent" | stats count by input.match.facts{}.name, input.match.event.path | rename input.match.facts{}.name AS "Block Type", input.match.event.path AS "Executable" | head 10 |
 |