Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

See who is using Splunk by user, app and view

_internal

Description

Submitted by tnesavich

########## Admin Notes This query is a modified version of one submitted by tokenwander here: https://gosplunk.com/whos-using-splunk/ ##########
8 0 
index=_internal sourcetype="splunk_web_access" method="GET" status="200" user!=-
| stats count latest(_time) as ViewTime by user app view
| sort -count
| eventstats sum(count) as countByApp list(view) as view list(count) as count list(ViewTime) as ViewTime by user app
| convert timeformat="%a %m/%d/%Y %I:%M:%S %p" ctime(ViewTime)
| dedup app
| appendpipe [stats sum(count) as count by user | eval view = "Total Views"]
| sort + user -countByApp

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom