Re: How to create a graph that shows number of act...

akblackwel · ‎01-31-2018

I'm trying to determine what hours over 7 days our ftp server has the lowest activity, or when no one is logged in.

Logging is captured by session, example below.

I'd like to produce a graph if possible that shows last 7 days number of active users over 1 hour timespan.

2018-01-31 06:28:39 110.10.10.10 - someuser [181000]quit - - 221 - - - 22 
2018-01-31 06:28:39 110.10.10.10 - someuser [181000]kick - - 421 - - - 22 
2018-01-31 06:28:39 110.10.10.10 - someuser [181000]ssh_disconnect timeout - 421 - - - 22

nabeel652 · ‎01-31-2018

create bins of one hours and distinct count the users - you can show this in table or bar/column graph

index=yourindex | bin span=1h _time | stats distinct_count(Username) as active_users by _time

davpx · ‎01-31-2018

Something like

 index=foo sourcetype=bar ssh | stats count by date_hour

How to create a graph that shows number of active users over time?

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!