All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

See User Activity by App and View

tnesavich_splun
Splunk Employee
Splunk Employee
‎06-04-2019 03:24 PM

Please see accepted answer below for search that shows what apps and views (dashboards in those apps) users are going to, by user app and view.

Please let me know if this is helpful or improvements you would suggest.

Thanks!

Tags (1)
Preview file
68 KB
Preview file
39 KB
Reply
1 Solution
Solved! Jump to solution
Solution

tnesavich_splun
Splunk Employee
Splunk Employee
‎06-05-2019 07:36 AM

Accepted Solution

   index=_internal sourcetype="splunk_web_access" method="GET" status="200" user!=-
    | stats count latest(_time) as ViewTime by user app view
    | sort -count
    | eventstats sum(count) as countByApp list(view) as view list(count) as count list(ViewTime) as ViewTime by user app
    | convert timeformat="%a %m/%d/%Y %I:%M:%S %p" ctime(ViewTime)
    | dedup app
    | appendpipe [stats sum(count) as count by user | eval view = "Total Views"]
    | sort + user -countByApp

One suggestion is to play with the table format to highlight the total views by user as per the screenshot below:
alt text

Here is an example of what your results might look like:
alt text

View solution in original post

Reply
Solved! Jump to solution
Solution

tnesavich_splun
Splunk Employee
Splunk Employee
‎06-05-2019 07:36 AM

Accepted Solution

   index=_internal sourcetype="splunk_web_access" method="GET" status="200" user!=-
    | stats count latest(_time) as ViewTime by user app view
    | sort -count
    | eventstats sum(count) as countByApp list(view) as view list(count) as count list(ViewTime) as ViewTime by user app
    | convert timeformat="%a %m/%d/%Y %I:%M:%S %p" ctime(ViewTime)
    | dedup app
    | appendpipe [stats sum(count) as count by user | eval view = "Total Views"]
    | sort + user -countByApp

One suggestion is to play with the table format to highlight the total views by user as per the screenshot below:
alt text

Here is an example of what your results might look like:
alt text

Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-05-2019 07:04 AM

Hi @tnesavich_splunk,
Please look for Dashboard Examples App (https://splunkbase.splunk.com/app/1603/) to check the complete example of how to highlight some cell in the table with JS.

Hope this helps!!!

0 Karma
Reply
Solved! Jump to solution

alonsocaio
Contributor
‎06-05-2019 04:23 AM

Hi,

This is a very interesting query actually. A while ago I was looking exactly for something like that.

My suggestion would be to use

| dedup app, user

Instead of

| dedup app

This would allow you to see if more than one user accessed the same app. Like, If user A and user B accessed the search app in the last hour and you dedup by app, you will see just one user in your table. When you dedup by app and user you see both users listed, even if they used the same app.

Reply
Solved! Jump to solution

Smrtz
Engager
‎04-03-2024 11:31 AM

Confirming this still works as of Splunk Cloud v9.0.2

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...