Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

RobertKepner
New Member
‎06-02-2016 02:52 PM

I am trying to complete a request for a specific employees internet search history. I need to specify a date range, list all websites visited, and the time the searches occurred. I can't seem to get the search string right, any help would be appreciated.

0 Karma
Reply

Jarohnimo
Builder
‎07-29-2016 10:45 AM

If it's IIS just grab the ur_stem="*" and whatever is the parsed field for username and then table the results by those same fields ... also include _time

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎07-27-2016 06:43 PM

A quick look at the fortigate log documentation says this probably is possible, but so much depends on exactly how you have the device(s) configured, if you have the Splunk Fortigate App installed and so on.

If you could please describe and provide a few examples of what logs you have available and perhaps what search you have that isn't working, we could potentially help you with this.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-02-2016 09:21 PM

Show a sample log and maybe we can get on with helping.

0 Karma
Reply

saurabh_tek
Communicator
‎07-22-2016 05:33 AM

Hello @RobertKepner - did you manage to get this done ?

@sundareshr @woodcock
I wanted to check - if fortigate logs would be enough to get this done or something else would also be needed ?
I am also planning to achieve the same. i think if i shall make a search query out of fortigate data, i should be able to achieve this..

0 Karma
Reply

woodcock
Esteemed Legend
‎07-22-2016 05:38 AM

I am not familiar what those logs so I cannot say.

0 Karma
Reply

sundareshr
Legend
‎07-22-2016 05:53 AM

@saurabh_tek I am not familiar with the fortigate data either. If you can share a couple of events with extracted field names, we can help.

0 Karma
Reply

sundareshr
Legend
‎06-02-2016 03:55 PM

It would help some of the raw data and/or your current search.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...