Splunk Search
Highlighted

How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

New Member

I am trying to complete a request for a specific employees internet search history. I need to specify a date range, list all websites visited, and the time the searches occurred. I can't seem to get the search string right, any help would be appreciated.

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Legend

It would help some of the raw data and/or your current search.

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Esteemed Legend

Show a sample log and maybe we can get on with helping.

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Communicator

Hello @RobertKepner - did you manage to get this done ?

@sundareshr @woodcock
I wanted to check - if fortigate logs would be enough to get this done or something else would also be needed ?
I am also planning to achieve the same. i think if i shall make a search query out of fortigate data, i should be able to achieve this..

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Esteemed Legend

I am not familiar what those logs so I cannot say.

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Legend

@saurabh_tek I am not familiar with the fortigate data either. If you can share a couple of events with extracted field names, we can help.

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

SplunkTrust
SplunkTrust

A quick look at the fortigate log documentation says this probably is possible, but so much depends on exactly how you have the device(s) configured, if you have the Splunk Fortigate App installed and so on.

If you could please describe and provide a few examples of what logs you have available and perhaps what search you have that isn't working, we could potentially help you with this.

0 Karma
Highlighted

Re: How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Builder

If it's IIS just grab the ur_stem="*" and whatever is the parsed field for username and then table the results by those same fields ... also include _time

0 Karma