Dashboards & Visualizations

How to create a Dashboard/Report for a website accessed by users?

shandman
Path Finder

I'm trying to create a report that will show me users who accessed a website (linkedin.com) . Fairly straight forward, but I am not the best dashboard / report creator. Using what I have from our enterprise security suite this is my search thus far.

| tstats `summariesonly` max(_time) as _time,values(Web.http_method) as http_method,values(Web.status) as status,count from datamodel=Web.Web where *    (Web.dest="www.linkedin.com")  by Web.src,Web.dest,Web.url | `drop_dm_object_name("Web")` | sort - count | fields _time,http_method,status,src,dest,url,count
Tags (2)
0 Karma

adonio
Ultra Champion

hello there,
this seems like a wide open question. here is how i would approach it and hopefully it will help you focus a little bit.
first i recommend to ask yourself (or whoever will use the dashboard / report), "what is it that you would like to see?"
then i will probably whiteboard it or a quick napkin drawing, example:
timechart with count of hits over time, pie chart with top users hitting it, and a single value representing unique users hitting linkedin.
now i will try to create the right searches in regular SPL (no | tstats or data models).
when satisfied with results and how it looks, will translate it to | tstats format
hope it helps

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...