You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The {{security-app}}'s default dashboards provide useful visualizations of your security environment. To view them in {{elastic-sec}}, select **Dashboards** from the navigation menu. From the Dashboards page, you can access the default dashboards, as well as create and access custom dashboards.
17
10
18
11
To create a new custom dashboard, click **Create Dashboard**. You can control which custom dashboards appear in the table:
% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
17
-
18
-
$$$data-quality-dash-check-indices$$$
19
-
20
9
The Data Quality dashboard shows you whether your data is correctly mapped to the [Elastic Common Schema](asciidocalypse://docs/ecs/docs/reference/index.md) (ECS). Successful [mapping](/manage-data/data-store/mapping.md) enables you to search, visualize, and interact with your data throughout {{elastic-sec}} and {{kib}}.
@@ -27,12 +16,14 @@ The Data Quality dashboard shows you whether your data is correctly mapped to th
27
16
Use the Data Quality dashboard to:
28
17
29
18
* Check one or multiple indices for unsuccessful mappings, to help you identify problems (the indices used by {{elastic-sec}} appear by default).
30
-
* View the amount of data stored in each of your indices.
19
+
* View the amount of data and number of documents stored in each of your indices.
31
20
* View detailed information about the fields in checked indices.
32
21
* Track unsuccessful mappings by creating a case or Markdown report based on data quality results.
33
22
23
+
34
24
::::{note}
35
-
The Data Quality dashboard doesn’t show data from cold or frozen [data tiers](/manage-data/lifecycle/data-tiers.md). It also doesn’t display data from remote clusters using cross-cluster search. To view data from another cluster, log in to that cluster’s {{kib}} instance.
25
+
* On {{serverless-short}} deployments, index `Size` data is not available.
26
+
* The Data Quality dashboard doesn’t show data from cold or frozen [data tiers](/manage-data/lifecycle/data-tiers.md). It also doesn’t display data from remote clusters using cross-cluster search. To view data from another cluster, log in to that cluster’s {{kib}} instance.
36
27
::::
37
28
38
29
@@ -82,7 +73,7 @@ Click a node in the treemap to expand the corresponding index.
82
73
83
74
## Learn more about checked index fields [_learn_more_about_checked_index_fields]
84
75
85
-
After an index is checked, a **Pass** or **Fail*** status appears. ***Fail*** indicates mapping problems in an index. To view index check details, including which fields weren’t successfully mapped, click the ***Check now** button under **Actions**.
76
+
After an index is checked, a **Pass** or **Fail** status appears. **Fail** indicates mapping problems in an index. To view index check details, including which fields weren’t successfully mapped, click the **Check now** button under **Actions**.
:alt: An expanded index with some failed results in the Data Quality dashboard
@@ -99,7 +90,7 @@ Fields in the **Same family** category have the correct search behavior, but mig
99
90
100
91
## View historical data quality results [_view_historical_data_quality_results]
101
92
102
-
You can review an index’s data quality history by clicking **View history** under **Actions***, or by clicking the ***History*** tab in the details flyout. You can filter the results by time and ***Pass** / **Fail** status. Click a historical check to expand it and view more details.
93
+
You can review an index’s data quality history by clicking **View history** under **Actions**, or by clicking the **History** tab in the details flyout. You can filter the results by time and **Pass** / **Fail** status. Click a historical check to expand it and view more details.
The Detection & Response dashboard provides focused visibility into the day-to-day operations of your security environment. It helps security operations managers and analysts quickly monitor recent and high priority detection alerts and cases, and identify the hosts and users associated with alerts.
@@ -23,7 +16,7 @@ The Detection & Response dashboard provides focused visibility into the day-to-d
23
16
Interact with various dashboard elements:
24
17
25
18
* Use the date and time picker in the upper-right to specify a time range for displaying information on the dashboard.
26
-
* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png"")) to open the alerts in Timeline.
19
+
* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png"title =20x20")) to open the alerts in Timeline.
27
20
* Click the name of a detection rule, case, host, or user to open its details page.
0 commit comments