All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to cluster user based on number of jobs run in Splunk Machine Learning Toolkit?

jcvytla
New Member
‎03-29-2018 09:16 AM

I have around 300 different users and I wanted to cluster them based on a number of jobs run. Can you please let me know how can I based the number of jobs run?

And what if I wanted to cluster them on an hourly scale when we have required fields?

0 Karma
Reply

deepashri_123
Motivator
‎03-30-2018 09:50 PM

Hey@jcvytla,

Can you try something like this:

index=_audit action=search info=granted search=* NOT "search_id='scheduler" NOT "search='|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" |table user search maxtime timestamp
And later you may add timechart as per your requirement.

Let me know if this helps!!

0 Karma
Reply

jcvytla
New Member
‎04-05-2018 10:52 AM

Thanks for your solution. But, It does't seem to work. I don't get any error but data is not being populated.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...