https://community.splunk.com/t5/Splunk-Search/Using-Splunk-to-count-within-a-search-users-to-ip-addresses/m-p/15640#M1953 <P>Hi all,</P> <P>I have logs in the following format</P> <P>2010-06-17 02:04:55 user1 ip.add.ress.here GET /mysite/mypage.html<BR /> 2010-06-17 02:04:59 user1 ip.add.ress.here POST /mysite/mypage2.html<BR /> 2010-06-17 02:05:23 user2 ip.add.ress.here GET /mysite/mypage.html<BR /></P> <P>What my question is, is there an easy way to search for all users that have logged in from multiple ip addresses, and also for all ip addresses that have been used by multiple users.</P> Thu, 17 Jun 2010 09:40:08 GMT bnolen 2010-06-17T09:40:08Z https://community.splunk.com/t5/Splunk-Search/Using-Splunk-to-count-within-a-search-users-to-ip-addresses/m-p/15640#M1953 <P>Hi all,</P> <P>I have logs in the following format</P> <P>2010-06-17 02:04:55 user1 ip.add.ress.here GET /mysite/mypage.html<BR /> 2010-06-17 02:04:59 user1 ip.add.ress.here POST /mysite/mypage2.html<BR /> 2010-06-17 02:05:23 user2 ip.add.ress.here GET /mysite/mypage.html<BR /></P> <P>What my question is, is there an easy way to search for all users that have logged in from multiple ip addresses, and also for all ip addresses that have been used by multiple users.</P> Thu, 17 Jun 2010 09:40:08 GMT https://community.splunk.com/t5/Splunk-Search/Using-Splunk-to-count-within-a-search-users-to-ip-addresses/m-p/15640#M1953 bnolen 2010-06-17T09:40:08Z https://community.splunk.com/t5/Splunk-Search/Using-Splunk-to-count-within-a-search-users-to-ip-addresses/m-p/15641#M1954 <PRE><CODE>... | stats distinct_count(ipaddress) as dcip by user | where dcip &gt; 1 </CODE></PRE> <P>and </P> <PRE><CODE>... | stats distinct_count(user) as dcu by ipaddress | where dcu &gt; 1 </CODE></PRE> <P>respectively will do it.</P> Thu, 17 Jun 2010 10:21:23 GMT https://community.splunk.com/t5/Splunk-Search/Using-Splunk-to-count-within-a-search-users-to-ip-addresses/m-p/15641#M1954 gkanapathy 2010-06-17T10:21:23Z