Dashboards & Visualizations

How to create a Dashboard/Report for a website accessed by users?

shandman
Path Finder

I'm trying to create a report that will show me users who accessed a website (linkedin.com) . Fairly straight forward, but I am not the best dashboard / report creator. Using what I have from our enterprise security suite this is my search thus far.

| tstats `summariesonly` max(_time) as _time,values(Web.http_method) as http_method,values(Web.status) as status,count from datamodel=Web.Web where *    (Web.dest="www.linkedin.com")  by Web.src,Web.dest,Web.url | `drop_dm_object_name("Web")` | sort - count | fields _time,http_method,status,src,dest,url,count
Tags (2)
0 Karma

adonio
Ultra Champion

hello there,
this seems like a wide open question. here is how i would approach it and hopefully it will help you focus a little bit.
first i recommend to ask yourself (or whoever will use the dashboard / report), "what is it that you would like to see?"
then i will probably whiteboard it or a quick napkin drawing, example:
timechart with count of hits over time, pie chart with top users hitting it, and a single value representing unique users hitting linkedin.
now i will try to create the right searches in regular SPL (no | tstats or data models).
when satisfied with results and how it looks, will translate it to | tstats format
hope it helps

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...