Hi all,
Thanks all for spending time to my case.
I would like to list out a table to show the user web browsing log.
For example, what url they will go when they are surfing splunk.com
Table would like to be like that.
Date | Time | User | hostname (this maybe splunk.com) | url | Total SentByte | Total Receive Byte (rcvdbyte)
Do you guys has any idea?
@cmndata1 ,
You might need to provide more details for us to help you better.
What's the source of data ? What kind of events do you have now? Do you have the specified fields in your events?
In general it would be
index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by url
|eval bandwidth=rcvd + sent
@renjith.nair
Thank you so much.
I would like to give you some fields that is useful.
index would be fgt_utm
The firewall is sending log to splunk.
For ideal case, i would like to list out how many bandwidth did the user spend on each url.
Thanks!
Probably you can start with below and lets know what changes you need. If you may added additional group by clause (Date,srcip etc)
index=fgt_utm "your other filters for sourcetype"
|eval bandwidthMb=((sentByte/1000000)+(rcvdbyte /1000000))
|stats sum(bandwidthMb) as BandwidthUsed by User,url,host