Can I set up a PS4 Game Session Timer and Notification?

InspiredSplunk
Observer

Hi

I want to know how long and when either of two games is being played on the PS4 or a laptop, and be notified via email of the IP address, when the game play started, when it stopped, and the duration it was played. There are multiple game play sessions during the day. I also want to be able to graph game play by day and by week.

I am using squid proxy, and the destination traffic for both games is known, for example api.gamesite1.com for game 1 and api.gamesite2.com for game 2. The traffic is initiated from the PS4 or laptop every 14 seconds on average, and when the game stops being played the traffic stops appearing.

Multiple sessions of either game could be played during the day, so for each game session I want to capture the source IP address, the start and finish time, and the duration between start and finish. Can anyone help with how to do this?


PickleRick
SplunkTrust

Just do a | transaction over destination domain with a maxpause=15s or something like that.


InspiredSplunk
Observer

Hey, thanks for the response. I am new to Splunk, so a bit more guidance would help if that is okay. I need a notification by email the first time either of the domains is visited, and then a progressive check for when the domain does not come up for longer than a minute.

It would also be good to accumulate traffic for only those domains for graphing afterwards.

Any help would be appreciated.

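To make PickleRick's `| transaction ... maxpause` suggestion concrete, and to cover the follow-up question about detecting when a domain has not appeared for more than a minute, here is an added example that is not from the original thread or from Splunk: a small Python script that applies the same sessionization rule to squid access.log lines. The log lines, the host-to-game mapping (api.gamesite1.com, api.gamesite2.com), the 15 s maxpause and the 60 s idle threshold are all constructed for the example. HTTPS traffic through squid is logged as `CONNECT host:port`, so the script keys on the destination host rather than a URL path.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed mapping from proxied destination host to game name (not from the thread).
GAME_HOSTS = {"api.gamesite1.com": "game1", "api.gamesite2.com": "game2"}

# Constructed squid access.log lines in the native format:
# timestamp elapsed client action/code size method url ident hierarchy/from type
SAMPLE_LOG = """\
1700000000.000   12 192.168.1.20 TCP_TUNNEL/200 4120 CONNECT api.gamesite1.com:443 - HIER_DIRECT/203.0.113.10 -
1700000014.000   11 192.168.1.20 TCP_TUNNEL/200 3980 CONNECT api.gamesite1.com:443 - HIER_DIRECT/203.0.113.10 -
1700000028.000   13 192.168.1.20 TCP_TUNNEL/200 4011 CONNECT api.gamesite1.com:443 - HIER_DIRECT/203.0.113.10 -
1700000030.000   40 192.168.1.20 TCP_MISS/200 812 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1700000042.000   12 192.168.1.20 TCP_TUNNEL/200 4090 CONNECT api.gamesite1.com:443 - HIER_DIRECT/203.0.113.10 -
1700003600.000   15 192.168.1.20 TCP_TUNNEL/200 4100 CONNECT api.gamesite1.com:443 - HIER_DIRECT/203.0.113.10 -
1700003614.000   14 192.168.1.20 TCP_TUNNEL/200 4050 CONNECT api.gamesite1.com:443 - HIER_DIRECT/203.0.113.10 -
1700003700.000   17 192.168.1.30 TCP_TUNNEL/200 2200 CONNECT api.gamesite2.com:443 - HIER_DIRECT/198.51.100.7 -
1700003714.000   16 192.168.1.30 TCP_TUNNEL/200 2190 CONNECT api.gamesite2.com:443 - HIER_DIRECT/198.51.100.7 -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<src>\S+)\s+(?P<action>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def host_of(url: str) -> str:
    """Destination host from squid's URL field.
    CONNECT requests log 'host:port'; plain HTTP logs a full URL."""
    if "://" in url:
        return urlsplit(url).hostname or ""
    return url.rsplit(":", 1)[0]


@dataclass
class Session:
    src: str
    host: str
    game: str
    start: float
    end: float
    events: int = 1

    @property
    def duration(self) -> float:
        return self.end - self.start


def parse(log_text: str):
    """Yield (timestamp, source IP, host) for hits on a known game host only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = host_of(m.group("url"))
        if host in GAME_HOSTS:
            yield float(m.group("ts")), m.group("src"), host


def sessionize(log_text: str, maxpause: float = 15.0) -> list:
    """Group hits per (source IP, host) into sessions. A gap larger than
    maxpause since the previous hit closes the session and opens a new one,
    which is the rule `transaction ... maxpause` applies in Splunk."""
    sessions = []
    current = {}  # (src, host) -> currently open Session
    for ts, src, host in sorted(parse(log_text)):
        key = (src, host)
        s = current.get(key)
        if s is not None and ts - s.end <= maxpause:
            s.end = ts
            s.events += 1
        else:
            s = Session(src, host, GAME_HOSTS[host], ts, ts)
            sessions.append(s)
            current[key] = s
    return sessions


def ended_sessions(sessions: list, now: float, idle: float = 60.0) -> list:
    """Sessions whose last hit is more than `idle` seconds before `now`:
    these are the ones a 'game play stopped' notification should fire for."""
    return [s for s in sessions if now - s.end > idle]


if __name__ == "__main__":
    found = sessionize(SAMPLE_LOG)
    for s in found:
        print(f"{s.game} {s.src} start={s.start:.0f} end={s.end:.0f} "
              f"duration={s.duration:.0f}s hits={s.events}")
    now = 1700003720.0  # constructed 'current time' for the idle check
    print("stopped:", [(s.game, s.src) for s in ended_sessions(found, now)])
```

In Splunk the same grouping is `... | transaction src_ip dest_host maxpause=15s`, which adds `duration` and `eventcount` fields to each session event. Because the console polls about every 14 s, maxpause needs some margin above the poll interval, otherwise a single slow request splits one play session into two; the 60 s idle threshold in `ended_sessions` gives the "stopped" check the same margin.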

EyesFitt
Observer

To track game play sessions, capture the relevant details, and generate graphs: set up network monitoring with squid proxy to log traffic, filter game-related traffic by destination URL, analyze the log files to extract source IP, start and stop times, and duration, and store the data for further analysis and graphing.


PickleRick
SplunkTrust

Wait, wait, wait.

I assumed you already have the data ingested into Splunk.

If you don't, you'll have to get your data into Splunk in the first place.

Also, what version of Splunk are you using? Remember that Splunk Free doesn't have alerting functionality, if I remember correctly.
