How to create a Dashboard/Report for a website acc...

shandman · ‎02-13-2018

I'm trying to create a report that will show me users who accessed a website (linkedin.com) . Fairly straight forward, but I am not the best dashboard / report creator. Using what I have from our enterprise security suite this is my search thus far.

| tstats `summariesonly` max(_time) as _time,values(Web.http_method) as http_method,values(Web.status) as status,count from datamodel=Web.Web where *    (Web.dest="www.linkedin.com")  by Web.src,Web.dest,Web.url | `drop_dm_object_name("Web")` | sort - count | fields _time,http_method,status,src,dest,url,count

adonio · ‎02-14-2018

hello there,
this seems like a wide open question. here is how i would approach it and hopefully it will help you focus a little bit.
first i recommend to ask yourself (or whoever will use the dashboard / report), "what is it that you would like to see?"
then i will probably whiteboard it or a quick napkin drawing, example:
timechart with count of hits over time, pie chart with top users hitting it, and a single value representing unique users hitting linkedin.
now i will try to create the right searches in regular SPL (no | tstats or data models).
when satisfied with results and how it looks, will translate it to | tstats format
hope it helps

How to create a Dashboard/Report for a website accessed by users?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation