Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Reinventing the wheel

mikefoti
Communicator
‎08-29-2011 09:47 AM

I just setup my test forefront proxy server to forward logs to my test Splunk indexer. Is there a stash of existing queries, searches, views, etc, one can download to avoid having to reinvent the wheel? My goal is to see what useful data can be gleaned about user browsing behavior?

Tags (1)
Reply

acdevlin
Communicator
‎08-30-2011 01:07 PM

I see. Unfortunately, the inability to install apps will make this more challenging; there are a number of helpful sample apps, and I would strongly recommend finding a workaround so you can install them if at all possible.

All is not lost, however. I'll leave you with a pair of links you should definitely check out:

1) The "Search Examples and Walkthroughs" sections of the user manual. I found it very useful when first starting, as they explain what commands they used and why.

2) The "Search Command Cheat Sheet" section of the search reference. If you get stuck, it's a decent fallback.

You can also try exploring the "answers" section here some more. Odds are if an answer helped one person, it should (hopefully!) help you too.

Does this help you out at all?

0 Karma
Reply

mikefoti
Communicator
‎08-31-2011 06:16 AM

Thanks for the links... I'm sure they will help.

0 Karma
Reply

mikefoti
Communicator
‎08-30-2011 12:32 PM

Good questions... thanks. I mean I'm certain I'm not the first to try to analyze user browsing behavior (i.e. where did JohnSmith browse to yesterday, or who visited cnn.com thsi week, etc) via Splunk. Things as trivial as filtering out the 50 http GETS to CNN.com that make up a single visit are not yet trivial to me (so far I only understand the keyword "Transactions" is somehow useful in this instance). I have read, and will continue to read the documentation available here, but also hope to find a repository tried and true solutions to common tasks.

0 Karma
Reply

mikefoti
Communicator
‎08-30-2011 12:30 PM

Thanks. Our Splunk env is actually a hosted solution. I'm just trying to learn to use it with the limited access I have. I'm told by our service provider I don't have the ability to upload/install/use apps... though, as you suggest, I can browse apps for ideas.

0 Karma
Reply

eevans
Engager
‎08-29-2011 02:20 PM

Check out the splunk apps. I think that will answer a lot of your questions. If you see something you like in one of the apps you can always copy it for later use in a different app.

Reply

acdevlin
Communicator
‎08-29-2011 02:16 PM

What exactly do you mean "reinvent the wheel"? Do you mean a bunch of pre-defined dashboards and searches so that you don't have to build them yourself? And when you talk about "user browsing behavior", do you mean transaction funnels? Or http statuses? Or request times to a server?

If you could be a bit more specific in what you want, I think it would help everyone out 😉

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...