Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a graph that shows number of active users over time?

akblackwel
Loves-to-Learn
‎01-31-2018 09:12 AM

I'm trying to determine what hours over 7 days our ftp server has the lowest activity, or when no one is logged in.

Logging is captured by session, example below.

I'd like to produce a graph if possible that shows last 7 days number of active users over 1 hour timespan.

2018-01-31 06:28:39 110.10.10.10 - someuser [181000]quit - - 221 - - - 22 
2018-01-31 06:28:39 110.10.10.10 - someuser [181000]kick - - 421 - - - 22 
2018-01-31 06:28:39 110.10.10.10 - someuser [181000]ssh_disconnect timeout - 421 - - - 22
Tags (2)
0 Karma
Reply

nabeel652
Builder
‎01-31-2018 04:18 PM

create bins of one hours and distinct count the users - you can show this in table or bar/column graph

index=yourindex | bin span=1h _time | stats distinct_count(Username) as active_users by _time
0 Karma
Reply

davpx
Communicator
‎01-31-2018 03:37 PM

Something like

 index=foo sourcetype=bar ssh | stats count by date_hour
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...