Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Fortigate internet access reports

spgsitsupport
Engager
‎12-15-2010 09:26 PM

I have Fortinet Fortigate sending syslog to Splunk But how do I get any meaningful reports out of Splunk?

Very simple: user, all accessed websites in the last 7 days with time per each site visited

Seb

Tags (1)
Reply

treinke
Builder
‎04-09-2011 01:52 PM

I use this for a report that generates every morning to show me what happened yesterday.

cat_desc!="" | chart count by cat_desc | sort -count | rename cat_desc as Categories

This will show the categories and how many hits per category. To get a good view of what is going on in a specific category I use the follow example.

cat_desc="Adult Materials" | fields src,hostname,url | collect

That will show from which computer it came from, the server, and the url.

Splunk Fortinet Example

If you have your DHCP logs in to Splunk, you can combine the results. The following will shoud you the Source IP, Source Computer, Website, and URL.

cat_desc="Pornography" | join src,date_mday [search sourcetype="DhcpSrvLog" NOT desc="Expired"] | fields src,src_host,hostname,url | collect | rename src as IpAddress | rename src_host as Computer | rename hostname as WebSite | rename url as URL

Hope these examples help.

There are no answer without questions
Reply

tgow
Splunk Employee
Splunk Employee
‎12-15-2010 10:35 PM

Seb,

Is Splunk creating fields out of the data that look interesting? Can you send a snippet of the log and I can show you how to build reports.

Here is a link in Docs to more information:

http://www.splunk.com/base/Documentation/4.1.6/User/Buildreportstutorial

Regards,

Todd

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...