Re: visited websites

nesslee · ‎07-09-2020

Hello, I would like to set up statistics on the visited websites by the users. I would like to find all users who visited online shopping websites. However, i have to exclude all the links related to advertising. So how can i exclude the logs related to advertising so that I can measure the real number of visits to these shopping websites? If this is difficult to measure, another idea can be counting only the users who logged in their personal account in these shopping websites, how do I specify this? I hope my question is clear, I am very new in Splunk..

example:

sourcetype=MWGaccess3 urlc="Online Shopping" | top limit=15 user

isoutamo · ‎07-09-2020

Hi

can you send log sample?

r. Ismo

nesslee · ‎07-10-2020

Hello,

Sorry I was not very clear in my question.

When a user visits a website, it can make hundreds of separate requests related to advertising. So i want to exclude all these logs and keep only the logs with 'real visits' to urlc: online shopping.

To be able to measure that, maybe I can take only the events where user logged into his account. In which field(s) I can find this type of information?

with keywords in url? Mtg? Status? Mt? rule? Connect_protocol? http_method?

visited websites

lookup

search job inspector

subsearch

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation