Reporting
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Url report with user browsing time and number of b...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Url report with user browsing time and number of bytes used
ronaldlb
Explorer
02-11-2015
08:51 AM
Hi I have tried everything but I end with either with user name and website or website with number of counts and bytes. What I am looking for is getting user name with what sites have been visited by the user and how much time spent on each site. Then next when drilled down I would like to see how much bytes where used on the website and how much time was spent. I know there is a way but I am lost please any help with this I would really appreciate. I have tried using the | stats count by user gives me a list and have tired this as well sourcetype="pan_threat" url=* | transaction maxspan=1h maxpause=30m fields=src_ip but it will not give me the report that I am looking for .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
btorresgil
Builder
02-12-2015
11:03 AM
Hello, you can do this several ways, but here's one suggestion:
`pan_index` sourcetype=pan_traffic OR (sourcetype=pan_threat log_subtype=url) | stats values(sourcetype) as sourcetype values(dst_hostname) as hostname sum(bytes) as bytes sum(elapsed_time) as duration by user dst_hostname | search sourcetype="pan_threat" | table user hostname bytes duration
This results in a table where the columns are the User, the FQDN they are accessing, the bytes for that User/FQDN combination, and the duration for that User/FQDN combination.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bsachitano
Explorer
09-23-2016
06:56 AM
ronaldlb, any success with this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ronaldlb
Explorer
02-13-2015
10:40 AM
Thank Btorresgil for the answer this works but I am not get the bytes and duration and the username is not grouped with the number of url visited it is one url per line with the same user. Am i missing something please advice many thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ronaldlb
Explorer
02-13-2015
11:59 AM
So when I do this I get the users with the websites visited and the total bytes used .But what I am looking for is users grouped with urls that is fone but number of bytes used by the website and time spent on the website by user.
pan_index sourcetype=pan_traffic OR (sourcetype=pan_threat log_subtype=url) | stats values(sourcetype) as sourcetype, values(dst_hostname) as hostname , sum(bytes) as bytes by user | search sourcetype="pan_threat" | table user hostname bytes
Get Updates on the Splunk Community!
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
