Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

RobertKepner
New Member
‎06-02-2016 02:52 PM

I am trying to complete a request for a specific employees internet search history. I need to specify a date range, list all websites visited, and the time the searches occurred. I can't seem to get the search string right, any help would be appreciated.

0 Karma
Reply

Jarohnimo
Builder
‎07-29-2016 10:45 AM

If it's IIS just grab the ur_stem="*" and whatever is the parsed field for username and then table the results by those same fields ... also include _time

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎07-27-2016 06:43 PM

A quick look at the fortigate log documentation says this probably is possible, but so much depends on exactly how you have the device(s) configured, if you have the Splunk Fortigate App installed and so on.

If you could please describe and provide a few examples of what logs you have available and perhaps what search you have that isn't working, we could potentially help you with this.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-02-2016 09:21 PM

Show a sample log and maybe we can get on with helping.

0 Karma
Reply

saurabh_tek
Communicator
‎07-22-2016 05:33 AM

Hello @RobertKepner - did you manage to get this done ?

@sundareshr @woodcock
I wanted to check - if fortigate logs would be enough to get this done or something else would also be needed ?
I am also planning to achieve the same. i think if i shall make a search query out of fortigate data, i should be able to achieve this..

0 Karma
Reply

woodcock
Esteemed Legend
‎07-22-2016 05:38 AM

I am not familiar what those logs so I cannot say.

0 Karma
Reply

sundareshr
Legend
‎07-22-2016 05:53 AM

@saurabh_tek I am not familiar with the fortigate data either. If you can share a couple of events with extracted field names, we can help.

0 Karma
Reply

sundareshr
Legend
‎06-02-2016 03:55 PM

It would help some of the raw data and/or your current search.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...