Reporting
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Url report with user browsing time and number of b...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Url report with user browsing time and number of bytes used
ronaldlb
Explorer
02-11-2015
08:51 AM
Hi I have tried everything but I end with either with user name and website or website with number of counts and bytes. What I am looking for is getting user name with what sites have been visited by the user and how much time spent on each site. Then next when drilled down I would like to see how much bytes where used on the website and how much time was spent. I know there is a way but I am lost please any help with this I would really appreciate. I have tried using the | stats count by user gives me a list and have tired this as well sourcetype="pan_threat" url=* | transaction maxspan=1h maxpause=30m fields=src_ip but it will not give me the report that I am looking for .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
btorresgil
Builder
02-12-2015
11:03 AM
Hello, you can do this several ways, but here's one suggestion:
`pan_index` sourcetype=pan_traffic OR (sourcetype=pan_threat log_subtype=url) | stats values(sourcetype) as sourcetype values(dst_hostname) as hostname sum(bytes) as bytes sum(elapsed_time) as duration by user dst_hostname | search sourcetype="pan_threat" | table user hostname bytes duration
This results in a table where the columns are the User, the FQDN they are accessing, the bytes for that User/FQDN combination, and the duration for that User/FQDN combination.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bsachitano
Explorer
09-23-2016
06:56 AM
ronaldlb, any success with this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ronaldlb
Explorer
02-13-2015
10:40 AM
Thank Btorresgil for the answer this works but I am not get the bytes and duration and the username is not grouped with the number of url visited it is one url per line with the same user. Am i missing something please advice many thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ronaldlb
Explorer
02-13-2015
11:59 AM
So when I do this I get the users with the websites visited and the total bytes used .But what I am looking for is users grouped with urls that is fone but number of bytes used by the website and time spent on the website by user.
pan_index sourcetype=pan_traffic OR (sourcetype=pan_threat log_subtype=url) | stats values(sourcetype) as sourcetype, values(dst_hostname) as hostname , sum(bytes) as bytes by user | search sourcetype="pan_threat" | table user hostname bytes
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
