Re: Check what URLs are called

cramery · ‎03-18-2019

New to Splunk, so a bit of a basic question

I need to have a list of all URLs that are called by the User on the PC Splunk is running on. It doesnt matter if all URLs or called by a specific application. How can I implement this to Splunk?

sduff_splunk · ‎03-18-2019

If you have data in an index such as weblogs, you would do a search such as
index=weblogs sourcetype=access_combined OR sourcetype=iis | eval full_path=uri_domain.uri_path| stats values(full_path) by user

sduff_splunk · ‎03-18-2019

Are you referring to Splunk URLs? For example, https://localhost:8000/en-US/app/search/search and https://localhost:8000/en-US/app/search/search?q=search%20index%3D*&sid=1552910209.54&display.page.s...

If so, you can run a query such as
index=_internal sourcetype=splunk_web_access | stats count by uri

cramery · ‎03-18-2019

I'm trying to get a list in Splunk when, which user called what URL ond any Website (like google.com in Google Chrome), same way as I can see all Applications called by the user.

niketn · ‎03-18-2019

Do you mean URLs internal to Splunk or a client/server with Splunk Forwarder which is trying to access external URLs?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

cramery · ‎03-18-2019

Actually I'm just trying to get a list in Splunk when, which user called what URL ond any Website (like google.com in Google Chrome), same way as I can see all Applications called by the user

Check what URLs are called

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!