Solved: data filtering(?) question

hylee · ‎07-02-2013

Hi,
In our website, all the visitors get SESSION_ID.

for example,
[no=1 visit_time=2013/07/02 09:30:30 session_id=aaa]
[no=2 visit_time=2013/07/02 09:35:30 session_id=aaa]
[no=3 visit_time=2013/07/02 09:40:30 session_id=bbb]
[no=4 visit_time=2013/07/02 09:50:30 session_id=ccc]

When index to SPLUNK, search result(count) is "4".

"no=1..." and "no=2..." are same people.
In this case, this people visited two times our website in 10 minutes.

Q)
If someone visit several times(ex. 3 times) in 10 minutes, is there a way to see the result(count) as "1"?

adityapavan18 · ‎07-03-2013

I guess you could use transaction command on session_id with max span and do a count like

|transaction session_id maxspan=10m | stats count

this might work!!

View solution in original post

adityapavan18 · ‎07-03-2013

I guess you could use transaction command on session_id with max span and do a count like

|transaction session_id maxspan=10m | stats count

this might work!!

hylee · ‎07-03-2013

Thank you so much!! I solved it!!

data filtering(?) question

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation