Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

IIS Visitor sessions using cs_username

DanielFordWA
Contributor
‎05-28-2013 03:13 AM

I am using iss logs and each user has to authenticate to login to the site I manage.

I would like to get to a count of sessions, with the session identifier as the cs_username, over different periods of time.

After the above is achieved I would then like to split up various user groups and change the standard session timeout, so normally a sessions ends after 30mins of non activity however for some users I would like the session to end after say 3 hours of non activity. I expect this is easy to achieve with a look up table against usernames if the first step is possible.

Thanks,

Dan

0 Karma
Reply

okrabbe_splunk
Splunk Employee
Splunk Employee
‎05-28-2013 07:05 AM

Dan,

Maybe I am missing something in your question but if you are trying to just get a count over time by cs_username have you tried the timechart command?

sourcetype=iis | timechart count by cs_username

You can of course specify the bucketing in the timechart command so you could see session counts by hour, minute, day etc.

0 Karma
Reply

okrabbe_splunk
Splunk Employee
Splunk Employee
‎05-28-2013 12:07 PM

Dan, I think I understand what you are looking for now. I think that a combination of the transaction command the duration command may be more what you are looking for?

http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Concurrency

Reply

DanielFordWA
Contributor
‎05-28-2013 07:41 AM

To be a bit clearer…
I can achieve hit, page view, and visitor stats, but not visit stats.

0 Karma
Reply

DanielFordWA
Contributor
‎05-28-2013 07:37 AM

Most Web Analytics tools will have a session ID from the cookie etc. However current tool I use calculates the sessions from the Authenticated username (cs_username), I would like to replicate this in Splunk.

0 Karma
Reply

DanielFordWA
Contributor
‎05-28-2013 07:35 AM

Thanks for the response.

What I would want to get to is number of visits per user over a given time period.

My issue is calculating the Visits/Sessions. So If there is a gap of more than 30mins between hits for a user then this is a new Visit/Session

Visit/Sessions being - A visit is an interaction, by an individual, with a website consisting of one or more requests for an analyst-definable unit of content (i.e. “page view”). If an individual has not taken another action (typically additional page views) on the site within a specified time period, the visit session will terminate.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...