Security

Report of sites visited by user (squid)

Explorer

I have Splunk on both of my Squid proxies forwarding the access.log to our main Splunk installation. How would I create a report of distinct domains visited by user?

Tags (1)
0 Karma
1 Solution

Super Champion

You should be able to do something like this:

host=squid* source=*access.log | stats count by domain, user

Or another possible grouping would be like:

host=squid* source=*access.log | stats count, values(domain) as domains by user

View solution in original post

Super Champion

You should be able to do something like this:

host=squid* source=*access.log | stats count by domain, user

Or another possible grouping would be like:

host=squid* source=*access.log | stats count, values(domain) as domains by user

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!