Skip to main content
Version: Atlas v4.4

Using Data Hub

Data Hub provides Splunk users visibility into their data and the ability to add additional clarity by creating Data Definitions. These definitions can enable teams to apply Change Management Discipline to their Splunk environment. Paired with this capability, Data Hub also provides unparalleled visibility into Data Set utilization. Using this knowledge, Splunk Admins can more effectively manage and rule not just their environment, but their users.

For setup details, see Configuring Data Hub.

Following these steps will help Splunk admins regain control of their Splunk ecosystem and control data ingests.

  1. Ensure utilization is being tracked by configuring Data Hub.
  2. Set ownership of Indexes using bulk apply.
  3. Perform utilization analysis on your high ingest indexes to ensure they are being effectively used.
  4. Create and assign data labels such as 'Networking' or 'OS Security' to group together similar indexes.
  5. Perform routine reviews on ingests and ensure all data flowing into Splunk is owned.

Data Hub Page

Data Hub is designed to help teams manage dataset lifecycle tasks with fewer context switches. The main data table enables users to investigate their data effectively. Review the below features to fully understand the capability offered by Data Hub.

Default Views & Additional Columns

By selecting the View dropdown, a user can select a pre-made collection of columns for the table to easily get started in Data Hub. The default views include:

  • Data Inventory: A report focused on the Data Label, Owner, Business Unit, and Contact information of a data set, along with its ingest.
  • Data Utilization: This view focuses on the utilization activity of a data set, and compares the ingest to its overall utilization.

Selecting the data table's column button enables the user to add additional columns to the view. Your column selection is saved, but is cleared by selecting a default view.

Inline Editing

If a user is an Atlas Creator, or Atlas Admin, they can double click on columns marked with a pencil icon, and update fields without opening up any modals.

Bulk Actions

Atlas Creators and Atlas Admins can select checkboxes on the left, and the bulk 'Define Datasets' button below to open a Bulk Update modal. Users can leverage this modal to apply information on more than one dataset at a time. Any field left blank will not be updated, changed, or cleared, but any new context added in the bulk update will overwrite previous field data.

Detailed Modals & Actions

Selecting the kebab (three dots) button on the far right of the table enables the user to view additional details and perform actions.

  • Show Data In Splunk: Opens up and runs a search against the dataset for the last 24 hours.
  • View Dataset Info: Opens up the details modal on the data definition page. Admins and Creators can update the definition in more detail here.
  • View Dataset Utilization: Reveals the utilization of the dataset. Users can jump directly to the knowledge object or review SPL executed on this modal.