A possible way to Log User- and Page-Access in Confluence is via the Event system - using Adaptavist's Scriptrunner for Confluence.
This ways has Pros and Cons - read Access Logging in Confluence. On Pro is that the POST to Splunk in in the backend; so we dont need to open for the receiving system in the Firewall
My site is mainly external as a website, with only one internal user, myself "bnp". In that situation, the PageViewEvent is not so interesting as if this was an internal system with multiple users.
Currently, I have found no way to correlate bot/spider/monitoring hits from the real PageViews.
Also, PageViewEvents only occur when a page is rendered and this gives back HTTP Code "200 OK" to the client. See Different Loggings for different logging compares.
We do POST a json like this to Elasticsearch at URL http://elkserver1:9200/webaccess/pageevent/
This will create an index named "webacecss" and give out data the type "pageevent"
this executes this script for every PageViewEvent:
Currently I can search the data in Elasticsearch, due to a problem with the timestamp and mapping. It seems the Timestamp is not searchable/aggregatable ... a Mapping issue