Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Pivot with Palo Alto Data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI
Can anyone help me with pivot tables in Splunk I am trying to get Palo Alto data to work but it does not give me the report I need. I am looking for user name with time they have visited website and session.
I have this in palo alto but I want a dashboard type experience so I know splunk can do it.
Regards
Ronald
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Splunk for Palo Alto Networks App has a data model and dashboards built in. There is a dashboard called Web Activity Report that has the websites, you could easily add users to the panels. Or you can use a pivot to build your own by clicking 'Settings' at the top right, then 'Datamodel', select the Palo Alto Networks Logs data model, and click 'Pivot'. Here you can build a pivot with the fields 'user' and 'dst_hostname' to get the report you want.
Splunk for Palo Alto Networks App:
http://apps.splunk.com/app/491/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Splunk for Palo Alto Networks App has a data model and dashboards built in. There is a dashboard called Web Activity Report that has the websites, you could easily add users to the panels. Or you can use a pivot to build your own by clicking 'Settings' at the top right, then 'Datamodel', select the Palo Alto Networks Logs data model, and click 'Pivot'. Here you can build a pivot with the fields 'user' and 'dst_hostname' to get the report you want.
Splunk for Palo Alto Networks App:
http://apps.splunk.com/app/491/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pivot option is very much helpful to present or generate a dashboard or statistical report from a data source.
You first need to create a proper data model before you pivot. (field extractions, automatic fields, etc..)
Try the sample pivot data models available in your Search application , so you will able to grasp some ideas on its usage.
you have options to transpose the data, stats , etc.. things you are deriving from search query.. you can able to do it graphically in pivot.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ronald,
Have you been using the app Splunk for Palo Alto Networks?
http://apps.splunk.com/app/491/
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
