I just set up my test Forefront proxy server to forward logs to my test Splunk indexer. Is there a stash of existing queries, searches, views, etc., one can download to avoid having to reinvent the wheel? My goal is to see what useful data can be gleaned about user browsing behavior.
I see. Unfortunately, the inability to install apps will make this more challenging; there are a number of helpful sample apps, and I would strongly recommend finding a workaround so you can install them if at all possible.
All is not lost, however. I'll leave you with a pair of links you should definitely check out:
1) The "Search Examples and Walkthroughs" sections of the user manual. I found it very useful when first starting, as they explain what commands they used and why.
2) The "Search Command Cheat Sheet" section of the search reference. If you get stuck, it's a decent fallback.
You can also try exploring the "answers" section here some more. Odds are if an answer helped one person, it should (hopefully!) help you too.
Does this help you out at all?
Good questions... thanks. I mean I'm certain I'm not the first to try to analyze user browsing behavior (i.e. where did JohnSmith browse to yesterday, or who visited cnn.com this week, etc.) via Splunk. Things as trivial as filtering out the 50 HTTP GETs to CNN.com that make up a single visit are not yet trivial to me (so far I only understand the keyword "transaction" is somehow useful in this instance). I have read, and will continue to read, the documentation available here, but also hope to find a repository of tried and true solutions to common tasks.
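As an added example (not from this thread and not Splunk's own code), the Python below does what the post above is after: it collapses the burst of GETs that make up one visit to a site into a single visit record per user and site, which is the same idea as Splunk's `transaction` command with a `maxpause` gap. The proxy log layout, the field names and the 5-minute pause threshold are assumptions, and the log lines are constructed.

```python
from collections import namedtuple
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed layout: date time user method url status).
SAMPLE_LOG = """\
2024-03-04 09:00:01 johnsmith GET http://www.cnn.com/ 200
2024-03-04 09:00:02 johnsmith GET http://www.cnn.com/css/main.css 200
2024-03-04 09:00:02 johnsmith GET http://www.cnn.com/js/app.js 200
2024-03-04 09:00:05 johnsmith GET http://www.cnn.com/world/story.html 200
2024-03-04 09:00:06 janedoe GET http://www.cnn.com/ 200
2024-03-04 09:20:00 johnsmith GET http://www.cnn.com/politics/ 200
2024-03-04 09:20:01 johnsmith GET http://www.cnn.com/img/logo.png 304
"""

# Requests from the same user to the same site separated by more than this
# gap are treated as separate visits (compare Splunk: transaction user site maxpause=5m).
MAX_PAUSE = timedelta(minutes=5)

Event = namedtuple("Event", "time user method site status")

def parse_line(line):
    """Parse one assumed-layout log line; the site is the host without a leading 'www.'."""
    date, clock, user, method, url, status = line.split()
    host = urlsplit(url).hostname or ""
    site = host[4:] if host.startswith("www.") else host
    return Event(datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
                 user, method, site, int(status))

def sessionize(log_text, max_pause=MAX_PAUSE):
    """Group requests into visits keyed by (user, site); a gap > max_pause opens a new visit."""
    visits = []          # each visit: dict with user, site, start, end, requests
    open_visit = {}      # (user, site) -> index into visits of the still-open visit
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        key = (ev.user, ev.site)
        idx = open_visit.get(key)
        if idx is not None and ev.time - visits[idx]["end"] <= max_pause:
            visits[idx]["end"] = ev.time
            visits[idx]["requests"] += 1
        else:
            visits.append({"user": ev.user, "site": ev.site, "start": ev.time,
                           "end": ev.time, "requests": 1})
            open_visit[key] = len(visits) - 1
    return visits

def visits_for(visits, user=None, site=None):
    """Answer 'where did this user go' or 'who visited this site' over sessionized visits."""
    return [v for v in visits
            if (user is None or v["user"] == user) and (site is None or v["site"] == site)]
```

Running `sessionize(SAMPLE_LOG)` on the constructed lines yields three visits rather than seven requests: two by johnsmith to cnn.com (split by the 20-minute gap) and one by janedoe.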
Thanks. Our Splunk env is actually a hosted solution. I'm just trying to learn to use it with the limited access I have. I'm told by our service provider I don't have the ability to upload/install/use apps... though, as you suggest, I can browse apps for ideas.
What exactly do you mean "reinvent the wheel"? Do you mean a bunch of pre-defined dashboards and searches so that you don't have to build them yourself? And when you talk about "user browsing behavior", do you mean transaction funnels? Or http statuses? Or request times to a server?
If you could be a bit more specific in what you want, I think it would help everyone out 😉