Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a Dashboard/Report for a website accessed by users?

shandman
Path Finder
‎02-13-2018 12:13 PM

I'm trying to create a report that will show me users who accessed a website (linkedin.com) . Fairly straight forward, but I am not the best dashboard / report creator. Using what I have from our enterprise security suite this is my search thus far. 

| tstats `summariesonly` max(_time) as _time,values(Web.http_method) as http_method,values(Web.status) as status,count from datamodel=Web.Web where *    (Web.dest="www.linkedin.com")  by Web.src,Web.dest,Web.url | `drop_dm_object_name("Web")` | sort - count | fields _time,http_method,status,src,dest,url,count
Tags (2)
0 Karma
Reply

adonio
Ultra Champion
‎02-14-2018 10:05 AM

hello there,
this seems like a wide open question. here is how i would approach it and hopefully it will help you focus a little bit.
first i recommend to ask yourself (or whoever will use the dashboard / report), "what is it that you would like to see?"
then i will probably whiteboard it or a quick napkin drawing, example:
timechart with count of hits over time, pie chart with top users hitting it, and a single value representing unique users hitting linkedin.
now i will try to create the right searches in regular SPL (no | tstats or data models).
when satisfied with results and how it looks, will translate it to | tstats format
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...