Getting Data In

IIS Visitor sessions using cs_username

DanielFordWA
Contributor

I am using iss logs and each user has to authenticate to login to the site I manage.

I would like to get to a count of sessions, with the session identifier as the cs_username, over different periods of time.

After the above is achieved I would then like to split up various user groups and change the standard session timeout, so normally a sessions ends after 30mins of non activity however for some users I would like the session to end after say 3 hours of non activity. I expect this is easy to achieve with a look up table against usernames if the first step is possible.

Thanks,

Dan

0 Karma

okrabbe_splunk
Splunk Employee
Splunk Employee

Dan,

Maybe I am missing something in your question but if you are trying to just get a count over time by cs_username have you tried the timechart command?

sourcetype=iis | timechart count by cs_username

You can of course specify the bucketing in the timechart command so you could see session counts by hour, minute, day etc.

0 Karma

okrabbe_splunk
Splunk Employee
Splunk Employee

Dan, I think I understand what you are looking for now. I think that a combination of the transaction command the duration command may be more what you are looking for?

http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Concurrency

DanielFordWA
Contributor

To be a bit clearer…
I can achieve hit, page view, and visitor stats, but not visit stats.

0 Karma

DanielFordWA
Contributor

Most Web Analytics tools will have a session ID from the cookie etc. However current tool I use calculates the sessions from the Authenticated username (cs_username), I would like to replicate this in Splunk.

0 Karma

DanielFordWA
Contributor

Thanks for the response.

What I would want to get to is number of visits per user over a given time period.

My issue is calculating the Visits/Sessions. So If there is a gap of more than 30mins between hits for a user then this is a new Visit/Session

Visit/Sessions being - A visit is an interaction, by an individual, with a website consisting of one or more requests for an analyst-definable unit of content (i.e. “page view”). If an individual has not taken another action (typically additional page views) on the site within a specified time period, the visit session will terminate.

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...