Successful Logons to WordPress Admin Area

Ever want more detailed information on authentications to your WordPress Admin Area? This Splunk Query will show detailed information on successful authentications to the wp-admin section of your site:

Screenshot: Notes: Please comment if this is successful or unsuccessful for you, I have limited access to WordPress data. That said this worked for me.

Continue Reading →

Apache Traffic Dashboard

Description: The following Dashboard is what I use to monitor traffic to GoSplunk. It uses the built in sourcetype of access_combined. No additional add-on’s or TA’s are required. I replaced my index with index=* so it’ll work out of the box. You’ll want to change this to your index for best practices. *UPDATE – 2019/05/29* […]

Continue Reading →

Apache High Level Visitor Info

The following query gives a breakdown on traffic by clientip. I run this over all time so I can get detailed information on first visit versus latest visit as you can see below.

This will return something like the following: If you want to run this as a scheduled search, which I advise doing […]

Continue Reading →

Direct and Referred Apache Web Traffic

The following query will show all traffic to an Apache web server that is direct, meaning no referring site.

The following query will show all traffic that is NOT direct, meaning only referring sites.

The following query is the same as above, but with a timechart spanning 1 day.

The following Query […]

Continue Reading →

Concurrent Users on Apache Web

I’ve been working through this query and depending on the length of time you are looking back you can use one of the following two methods. Option 1 – Short time window (30 days or less) concurrent users for a span of 5 minutes.

Option 2 – Longer time window (Greater than 30 days, […]

Continue Reading →

Worldmap with unique visitors last 24 hours

Note that ‘sourceIP’ is the name for the IP field. You may already have another fieldname for that extraction. Tested on Splunk Light.

Continue Reading →

Apache access_logs status code reporting

###this query is to report on status code description#####

# Find Website Status Over time

# Reports on Webserver error 500.

# Reports on Most used Web Browsers

# Reports on most used devices / platforms

Find Out Top 10 referencing websites

Continue Reading →