Hi

can y help me to create research for fortigate VPN User?

statistics witch user, duration vpn and total gb

default splunk app not have this detail, need know totale vpn user per day and detail

bye 😄

this is app search (not have total event for user but all total event)

| tstats summariesonly=true max(_time) AS NTime, last(log.system_event.vpn.tunnelname) AS Tunnel_Name, last(log.sentbyte) AS Sent, last(log.rcvdbyte) AS Received, last(log.system_event.vpn.tunneltype) AS Tunnel_Type, last(log.user) AS User, last(log.system_event.vpn.group) AS User_Group, last(log.system_event.vpn.duration) AS Duration_Sec FROM datamodel="ftnt_fos" WHERE nodename="log.system_event.vpn" log.sentbyte!=0 log.rcvdbyte!=0 log.devname="*" log.vd="*" log.system_event.vpn.tunneltype="*" log.user="*" groupby _time log.system_event.vpn.tunnelname | sort -_time | eval Received_MB = (Received/(1024*1024))| eval Sent_MB = (Sent/(1024*1024)) |sort -_time| convert ctime(NTime) as Time | table Time, Tunnel_Name, Tunnel_Type, User, User_Group, Sent_MB, Received_MB, Duration_Sec