If you do have access to _internal logs you should be able to the below.... (note that you might need to do some modifications, run the query step by step and do the modifications accordingly)
index=_internal source=web_access.log /app/
| rex "(?:[^/\n]/){5}(?P[^/]+)[^/\n]/(?P\w+\s+)" -----> this is for extracting appname and viewname (please modify this accordingly, not sure why app_name & view_name is not being printed after ?P here)
| search app_name!="search" view_name!="search" app_name!="launcher"
|search sourcetype=splunk_web_access
| eval access_time =strftime(_time,"%Y-%d-%m %H:%M")
| table access_time,user,app_name,view_name
| rename app_name as "Application Name" view_name AS "Dashboard name" user as User
| replace "-" with "No User" in User
