Network sessions data
Network sessions data refers to the information generated and maintained during a continuous interaction between a client device (such as a computer, mobile device, or IoT device) and a server or network resource. A network session typically begins when a connection is established (for example, user login, API request, or application interaction) and ends when the connection is terminated or times out. This data is used for monitoring, managing, and analyzing network activity, security, and performance.
Network sessions data typically includes:
- Session ID: Unique identifier for the session
- Timestamps: Start and end times of the session
- User/device info: User ID, device type, IP address, etc.
- Activities: Actions performed during the session (e.g., API calls, data transfer, requests)
- Status: Success, failure, timeout, or termination reason
- Performance metrics: Data transferred, session duration, latency, etc.
Examples of network sessions data include the following:
- User authentication sessions: Data related to user login/logout activities
- Web browsing sessions: Data generated from interactions with web applications or websites
- API request sessions: Data captured during API interactions between client and server
- VPN or secure network sessions: Data related to secure connections like VPNs or encrypted tunnels
- IoT device sessions: Data generated by IoT devices communicating with a central server or cloud platform
- File transfer sessions: Data related to file uploads, downloads, or transfers
- Streaming media sessions: Data generated during audio or video streaming interactions
- Network security sessions: Data used for monitoring and securing network connections
- Mobile app sessions: Data related to user interactions with mobile applications
- Real-time chat sessions: Data generated during live chat interactions
Network sessions data is stored in logs or databases and analyzed using tools like Splunk, Wireshark, or the ELK stack for troubleshooting, performance optimization, and security auditing. Because it can contain sensitive information, network sessions data must be managed in compliance with data protection laws like GDPR, HIPAA, or CCPA.
The Splunk Common Information Model (CIM) add-on contains a Network Sessions data model with fields that describe Dynamic Host Configuration Protocol (DHCP) and Virtual Private Network (VPN) traffic, whether server:server or client:server, and network infrastructure inventory and topology. You can apply this model to your data at search time to normalize and validate the data, accelerate key data in searches and dashboards, or create new reports and visualizations with Pivot.
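As an added illustration (not code from Splunk or the CIM add-on), the sketch below pairs constructed VPN start and end events into session records carrying the fields listed above: session ID, timestamps, user and IP address, status, data transferred, and duration. The log format, the field names, and the one-hour timeout are assumptions of this example, not CIM field names.

```python
from datetime import datetime, timedelta

# Constructed sample VPN gateway events (not real log data; format is hypothetical).
EVENTS = [
    "2024-05-01T08:00:00 session=a1 event=start user=alice src_ip=198.51.100.7",
    "2024-05-01T08:05:00 session=b2 event=start user=bob src_ip=198.51.100.9",
    "2024-05-01T08:30:00 session=a1 event=end bytes=52000 reason=logout",
    "2024-05-01T09:00:00 session=c3 event=end bytes=10 reason=logout",
]
IDLE_TIMEOUT = timedelta(hours=1)  # assumed cutoff for sessions that never log an end


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'time' field."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["time"] = datetime.fromisoformat(ts)
    return rec


def build_sessions(lines, now):
    """Return (sessions keyed by ID, IDs of end events that had no matching start)."""
    sessions, orphans = {}, []
    for ev in sorted(map(parse, lines), key=lambda e: e["time"]):
        sid = ev["session"]
        if ev["event"] == "start":
            sessions[sid] = {"session_id": sid, "user": ev["user"],
                             "src_ip": ev["src_ip"], "start": ev["time"],
                             "end": None, "status": "open", "bytes": 0}
        elif sid in sessions and sessions[sid]["end"] is None:
            sessions[sid].update(end=ev["time"],
                                 status=ev.get("reason", "terminated"),
                                 bytes=int(ev.get("bytes", 0)))
        else:
            orphans.append(sid)  # end without a start: a collection gap worth auditing
    for s in sessions.values():
        # A session with no end event is closed out as a timeout once it is too old.
        if s["end"] is None and now - s["start"] > IDLE_TIMEOUT:
            s["status"] = "timeout"
        s["duration_s"] = int(((s["end"] or now) - s["start"]).total_seconds())
    return sessions, orphans


if __name__ == "__main__":
    found, missing_start = build_sessions(EVENTS, datetime(2024, 5, 1, 10, 0, 0))
    for rec in found.values():
        print(rec["session_id"], rec["user"], rec["status"], rec["duration_s"], rec["bytes"])
    print("end events without a start:", missing_start)
```

Sessions that end as `timeout` and end events with no recorded start are the records to review first in a security audit, since both indicate either abnormal termination or missing log coverage.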