Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Any good Viz for process correlation

jbanAtSplunk
Communicator
‎12-08-2023 06:28 AM

Hi,

If I have process Events like

PID | ProcessName |  CommandLine | SpawnedByPID
100 | process_1 | process_1_commandLine | 99
101 | process_2 | process_2_commandLine | 100
200 | process_3 |  process_3_commandLine | 199
201 |  process_4 |  process_4_commandLine | 200

Is there any Viz that will map processes in some Folder/EDR like tree (where I can also click on node and get mora info).
For example, final results are based on PID but Viz looks like something like
| -> process_name_99
|----> process_1 (on hower or Click will get token process_1_commandLine)
|--------> process_2

| -> process_name_99
|----> process_3
|-------->process_4

Something like psTree just more advanced and connected by PID not names.

Labels (4)
Labels
0 Karma
Reply

_JP
Contributor
‎12-08-2023 02:45 PM

Sounds like you need this app from Splunkbase:

Treeview Viz | Splunkbase

Tags (1)
0 Karma
Reply

jbanAtSplunk
Communicator
‎12-19-2023 07:58 AM

It's good app but not good enough 😞 
Missing few additional fields. 

For example:
Parent_Process_Label (at least). <<< always Parent_Process_PID is "folder name". 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...