| Operations over Time | Hide Query Show Query #Vendor = "island" | Vendor.message.source!="AdminAction" | timechart(span=1d, series="event.action")
| Time Chart |
| Users Performing most operations | Hide Query Show Query #Vendor = "island" | Vendor.message.source!="AdminAction" | groupBy("user.name") | rename([[user.name, "User Name"], [_count, "Count"]])
| Table |
| Blocked Operations over Time | Hide Query Show Query #Vendor = "island" | #event.outcome = "failure" | timechart(span=1d, series="event.action")
| Time Chart |
| Blocked Web Navigations per Day | Hide Query Show Query #Vendor = "island" | #event.outcome = "failure" | event.action="Navigation" | timechart(span=1d)
| Time Chart |
| Top Navigated Categories | Hide Query Show Query #Vendor = "island" | event.action="Navigation" | groupBy("Vendor.message.saasApplicationCategory")
| Bar Chart |
| Navigations per Day | Hide Query Show Query #Vendor = "island" | event.action="Navigation" | timechart(span=1d)
| Time Chart |
| Blocked Navigations by Category | Hide Query Show Query #Vendor = "island" | #event.outcome = "failure" | event.action="Navigation" | groupBy("Vendor.message.saasApplicationCategory")
| Pie Chart |
| Most Accessed Applications | Hide Query Show Query #Vendor = "island" | event.action="Navigation" | groupBy(Vendor.message.saasApplicationName)
| Pie Chart |
| Top Blocked URLs | Hide Query Show Query #Vendor = "island" | event.action="Navigation" | #event.outcome = "failure" | groupBy("url.original") | rename([[url.original, "Top Level URL"], [_count, "Count"]])
| Table |
