Ensure that the following are available before proceeding:

• Splunk Server
• Trend Micro Email Security is already configured to use Splunk, see below links from Online Help:
  • https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-online-help/logs-in-hes/managing-syslog.aspx
  • https://docs.trendmicro.com/en-us/enterprise/tmems/olh/syslog_forwarding

To create the dashboard:

1. On Splunk Admin Console, click Search.
2. On the Search Box, type the following:
   host="uiout.tmes.trendmicro.com"
3. Click the Date Range button, and select a date range. (e.g. Last 30 days).
4. Click the green Search icon.

   

5. Create a Visualization, and save it as a Report. Do the following:
   1. Click Visualization.
   2. Click Pivot, select All Fields, and then click OK.
   3. Under Split Rows, click + button, select Action, and do the following:
      • Under Match, change to value to is in list.
      • In the text box, enter "Quarantined,Delivered".
      • Click Add to table.

      This will show table view with the count of Delivered and Quarantined emails.

      

       

      Optional Step: Click the Column Chart icon on the left pane, look for the General section, and select On for Show Data Values.

       
   4. Click Save As, then click Report.
   5. Fill up the required fields, then click Save.

      

   6. Click View.

      

      

6. Create a Dashboard and import the Report. Do the steps below:
   1. Click Dashboards.
   2. Click the Create New Dashboard button.
   3. Enter a Title, click Create Dashboard button.

      

   4. On Edit Dashboard page, click +Add Panel button.
   5. On Add Panel, expand New from Report, select the newly created Report from previous steps.

      

   6. Click Add to Dashboard button.

      

   7. Click the Save button, locatedon the upper-right .

      

      The new dashboard can be found under the Dashboards tab.