Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Fortigate internet access reports

spgsitsupport
Engager
‎12-15-2010 09:26 PM

I have Fortinet Fortigate sending syslog to Splunk But how do I get any meaningful reports out of Splunk?

Very simple: user, all accessed websites in the last 7 days with time per each site visited

Seb

Tags (1)
Reply

treinke
Builder
‎04-09-2011 01:52 PM

I use this for a report that generates every morning to show me what happened yesterday.

cat_desc!="" | chart count by cat_desc | sort -count | rename cat_desc as Categories

This will show the categories and how many hits per category. To get a good view of what is going on in a specific category I use the follow example.

cat_desc="Adult Materials" | fields src,hostname,url | collect

That will show from which computer it came from, the server, and the url.

Splunk Fortinet Example

If you have your DHCP logs in to Splunk, you can combine the results. The following will shoud you the Source IP, Source Computer, Website, and URL.

cat_desc="Pornography" | join src,date_mday [search sourcetype="DhcpSrvLog" NOT desc="Expired"] | fields src,src_host,hostname,url | collect | rename src as IpAddress | rename src_host as Computer | rename hostname as WebSite | rename url as URL

Hope these examples help.

There are no answer without questions
Reply

tgow
Splunk Employee
Splunk Employee
‎12-15-2010 10:35 PM

Seb,

Is Splunk creating fields out of the data that look interesting? Can you send a snippet of the log and I can show you how to build reports.

Here is a link in Docs to more information:

http://www.splunk.com/base/Documentation/4.1.6/User/Buildreportstutorial

Regards,

Todd

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...