Average Daily Unique category by Weekday for a pe...

deepanram211219 · ‎03-16-2016

I am creating a search that counts the daily unique category from a proxy log. I want to show the average number of unique website category by weekday over a month.

My issue is that I have created a successful search for 1 category but need to know how to count for different category over week days and show them on one chart.

My query:

Host=proxy1 category=business-and-economy | bin span=1d _time | stats count dc(_time) as days by date_wday | eval average_count = count / days

Sebastian2 · ‎03-16-2016

I'm not sure if I understood correctly what you are trying, but have you tried:

Host=proxy1 category=* | bin span=1d _time | stats count dc(_time) as days by date_wday, category | eval average_count = count / days

deepanram211219 · ‎03-16-2016

Thanks for your reply, let me be more clear. I want to create a stacked column chart as shown below. With each colour representing a different category with the (AVG)weekday count superimposed on them.

deepanram211219 · ‎03-16-2016

I ran the following query and ended up with the below result. But I would like to know how I can get the result for other categories on the same chart?

host=proxy1 category=business-and-economy | bucket _time span=1d | stats avg(count) dc(_time) as days by date_wday | eval average_count = count / days

Average Daily Unique category by Weekday for a period of 1 month

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life