Splunk Enterprise

Issue with having same client ip address

haripriyasarve1
Explorer

Hi Everyone,

I need to create a dashboard to know from which location the user is accessing the splunkweb. 

The issue is in my splunk _internal webaccess logs , every log has same ipaddress as 127.0.0.1

How to change this configuration and how to know from which location the user is accessing the splunk web.

Thanks in advance. 

 

Labels (2)
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

You could try this:

index=_internal sourcetype=splunkd_ui_access user=* clientip=* source="*/var/log/splunk/splunkd_ui_access.log" 
| stats latest_time(_time) as _time values(clientip) by user

r. Ismo 

View solution in original post

isoutamo
SplunkTrust
SplunkTrust

Hi

You could try this:

index=_internal sourcetype=splunkd_ui_access user=* clientip=* source="*/var/log/splunk/splunkd_ui_access.log" 
| stats latest_time(_time) as _time values(clientip) by user

r. Ismo 

haripriyasarve1
Explorer

Thank you 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

What query are you using to find accesses?  Where are you getting the data?

---
If this reply helps you, Karma would be appreciated.
0 Karma

haripriyasarve1
Explorer

I am using the below query to see get the list of users and their ipaddress for the app they are using.

 

index=_internal source=*web_access.log* "*appname*"
|table clientip user

0 Karma

isoutamo
SplunkTrust
SplunkTrust
This probably will give always to 127.0.0.1 to you. So better to use sourcetype=splunkd_ui_access user=* clientip=* source="*/var/log/splunk/splunkd_ui_access.log" to get those IP's which are used to connect to splunk web ui. BUT if you are using LB in front of you SHC, then this is probably that address, not the real user's ip.
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...