Is there a way to view active, daily "log in" web sessions for a managed site? Would need to create this search and save it as a dashboard... I am already capturing the Apache access log from this site in Splunk and want to see daily successful login metrics.
You can try this. It extracts user names for sessions out of my access_combined logs.
sourcetype=access_combined "*usernameAttr*" | rex ".*usernameAttr:(?<SessionUserName>\S+)\s.*" |stats count by SessionUserName
Run for whatever timeframe you like.
Thanks, but not quite what I am looking for... I am looking more for a way to capture the amount of logins per day, or web user load...
You can try this. It extracts user names for sessions out of my access_combined logs.
sourcetype=access_combined "*usernameAttr*" | rex ".*usernameAttr:(?<SessionUserName>\S+)\s.*" |stats count by SessionUserName
Run for whatever timeframe you like.