- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Re: Pivot with Palo Alto Data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI
Can anyone help me with pivot tables in Splunk I am trying to get Palo Alto data to work but it does not give me the report I need. I am looking for user name with time they have visited website and session.
I have this in palo alto but I want a dashboard type experience so I know splunk can do it.
Regards
Ronald
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Splunk for Palo Alto Networks App has a data model and dashboards built in. There is a dashboard called Web Activity Report that has the websites, you could easily add users to the panels. Or you can use a pivot to build your own by clicking 'Settings' at the top right, then 'Datamodel', select the Palo Alto Networks Logs data model, and click 'Pivot'. Here you can build a pivot with the fields 'user' and 'dst_hostname' to get the report you want.
Splunk for Palo Alto Networks App:
http://apps.splunk.com/app/491/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Splunk for Palo Alto Networks App has a data model and dashboards built in. There is a dashboard called Web Activity Report that has the websites, you could easily add users to the panels. Or you can use a pivot to build your own by clicking 'Settings' at the top right, then 'Datamodel', select the Palo Alto Networks Logs data model, and click 'Pivot'. Here you can build a pivot with the fields 'user' and 'dst_hostname' to get the report you want.
Splunk for Palo Alto Networks App:
http://apps.splunk.com/app/491/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pivot option is very much helpful to present or generate a dashboard or statistical report from a data source.
You first need to create a proper data model before you pivot. (field extractions, automatic fields, etc..)
Try the sample pivot data models available in your Search application , so you will able to grasp some ideas on its usage.
you have options to transpose the data, stats , etc.. things you are deriving from search query.. you can able to do it graphically in pivot.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ronald,
Have you been using the app Splunk for Palo Alto Networks?
http://apps.splunk.com/app/491/
Splunk Platform | Upgrading your Splunk Deployment to Python 3.9
From Product Design to User Insights: Boosting App Developer Identity on Splunkbase
Detect and Resolve Issues in a Kubernetes Environment
