Archive

How to identify uniqe field value from a log files

Explorer

there is a logs that as same timestamp , in which i have to identify the unique user id from the logs (i,e) I have to create count of users logged in (unique user entry) count

Tags (1)
0 Karma

Communicator

<\yoursearch> | dedup userid | stats count AS "TOTAL Number of Users Logged in"

or

<\yoursearch> | stats count by userid

<\yoursearch> should have the field userid extracted out from the event. you should comment the event so that i can help you in extraction.

happy splunking
yours,
eashwar raghunathan

0 Karma

SplunkTrust
SplunkTrust

Telepathy tells me rex "whatever" | stats dc(user_id)... beyond that, what Ayn said.

0 Karma

Legend

Please give us MUCH more details about the logs, what you're trying to do, what you tried but didn't work, etc etc...

0 Karma