Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk User Activity Report

itsmevic
Communicator
‎01-03-2020 10:08 PM

I've been trying to put together a query that will show user activity within Splunk. I would also like to show what apps they have been in, and how long they were in the app as well as how many searches they performed. So far I've put this together:

index=_internal sourcetype= OR index=_audit sourcetype=* status="success" app=* user=*
|timechart span=1w count by user*

The only problem with this query is that it's not pulling the app names nor is it granular enough to pull the times spent in each app. Any help tightening this query syntax would be GREATLY appreciated.

Tags (1)
0 Karma
Reply

mydog8it
Builder
‎01-04-2020 01:44 PM

This question is covered real well in this answer:
https://answers.splunk.com/answers/750048/see-user-activity-by-app-and-view.html

0 Karma
Reply

mydog8it
Builder
‎01-04-2020 01:39 PM

In the future please use the "code sample" applet to insert SPL.
Without using the applet special characters and other formatting may not represented correctly.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...