Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to create aggregated persistent report?

natvaldev
Observer
‎12-01-2019 05:40 AM

My web application logs every user action.
Every log entry contains the user id, the action (click, double-click etc...), timestamp and a short description.
The logs for a specific user are stored for a few days,
hence I need to aggregate them to a processed report / data.
I want to collect (and eventually display) a specific action (let's say double click)
of each user and its description.

For example, I want a table that gets updated for every log (or a few logs with some delay),
that aggregates the data of a userId, the timestamp of all of his double clicks, the count of double clicks and the description for each double click.

How can I solve this?
What tools does splunk offer for something like aggregating log streams that gets removed?

0 Karma
Reply

woodcock
Esteemed Legend
‎12-01-2019 02:47 PM

The main tool in Splunk for this is summary indexing:
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usesummaryindexing

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-01-2019 06:57 AM

Splunk is a tool that aggregates log streams. Forward your web application logs to Splunk and they will stay there until you run out of disk space or they age out (default time is 7 years), even if the original source disappears. Once you have the data in Splunk you can report on it as you've described.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...