- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Dashboard usage metrics
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dashboard usage metrics
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want, you can use the following search in order to find dashboards being clicked and belonging apps, and by which user.
index="_internal" user!="-" sourcetype=splunkd_ui_access
| rex field=uri "/app/(?[^/]+)/(?[^?/\s]+)"
| search dashboard!="search" dashboard!="home" dashboard!="alert" dashboard!="lookup_edit" dashboard!="@go" dashboard!="data_lab" dashboard!="dataset" dashboard!="datasets" dashboard!="alerts" dashboard!="dashboards" dashboard!="reports" dashboard!="report"
| stats values(user) AS user count AS hits BY app dashboard
| join type=left dashboard
[ | rest /servicesNS/-/-/data/ui/views
| search isDashboard=1 isVisible=1 disabled=0
| table title eai:appName eai:acl.sharing
| rename title AS dashboard eai:appName AS app eai:acl.sharing AS appSharing]
| table app dashboard appSharing user hits
| sort 0 app
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes. I am looking for frequency of user access in this case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's a search I use to analyze which pages are being hit on the splunk web server. I'm not 100% sure that what your looking for though.
index=_internal sourcetype="splunk_web_access" "GET /en-US/app/" status=200
| rex field=uri "/app/(?<app>[\w_]+)/(?<view_name>[\w._-]+)[/? ]"
| replace "report_builder_*" with "report_builder" in view_name
| stats count, dc(clientip) as clients, min(_time) as first_hit, max(_time) as last_hit by app,view_name
| convert ctime(*_hit)
| sort -count,app,view_name
Note that I have "en-US" hard coded in there. I forget why exactly, I think it gave me a performance boost and everyone around here only speaks English, so it isn't a big deal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What kind of metrics are you looking for? Search performance? Frequency of user access? Something else entirely?
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
