topic Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279641#M84507 <P>If it's IIS just grab the ur_stem="*" and whatever is the parsed field for username and then table the results by those same fields ... also include _time</P> Fri, 29 Jul 2016 17:45:00 GMT Jarohnimo 2016-07-29T17:45:00Z How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279634#M84500 <P>I am trying to complete a request for a specific employees internet search history. I need to specify a date range, list all websites visited, and the time the searches occurred. I can't seem to get the search string right, any help would be appreciated. </P> Thu, 02 Jun 2016 21:52:59 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279634#M84500 RobertKepner 2016-06-02T21:52:59Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279635#M84501 <P>It would help some of the raw data and/or your current search. </P> Thu, 02 Jun 2016 22:55:04 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279635#M84501 sundareshr 2016-06-02T22:55:04Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279636#M84502 <P>Show a sample log and maybe we can get on with helping.</P> Fri, 03 Jun 2016 04:21:48 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279636#M84502 woodcock 2016-06-03T04:21:48Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279637#M84503 <P>Hello @RobertKepner - did you manage to get this done ?</P> <P>@sundareshr @woodcock<BR /> I wanted to check - if fortigate logs would be enough to get this done or something else would also be needed ?<BR /> I am also planning to achieve the same. i think if i shall make a search query out of fortigate data, i should be able to achieve this..</P> Fri, 22 Jul 2016 12:33:37 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279637#M84503 saurabh_tek 2016-07-22T12:33:37Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279638#M84504 <P>I am not familiar what those logs so I cannot say.</P> Fri, 22 Jul 2016 12:38:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279638#M84504 woodcock 2016-07-22T12:38:50Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279639#M84505 <P>@saurabh_tek I am not familiar with the fortigate data either. If you can share a couple of events with extracted field names, we can help.</P> Fri, 22 Jul 2016 12:53:05 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279639#M84505 sundareshr 2016-07-22T12:53:05Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279640#M84506 <P>A quick look at the fortigate log documentation says this probably is possible, but so much depends on exactly how you have the device(s) configured, if you have the <A href="https://splunkbase.splunk.com/app/2800/">Splunk Fortigate App</A> installed and so on.</P> <P>If you could please describe and provide a few examples of what logs you have available and perhaps what search you have that isn't working, we could potentially help you with this.</P> Thu, 28 Jul 2016 01:43:26 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279640#M84506 Richfez 2016-07-28T01:43:26Z Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279641#M84507 <P>If it's IIS just grab the ur_stem="*" and whatever is the parsed field for username and then table the results by those same fields ... also include _time</P> Fri, 29 Jul 2016 17:45:00 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-specific-user-s-internet-activity-for-a-certain/m-p/279641#M84507 Jarohnimo 2016-07-29T17:45:00Z