IT Operations Discussions
All the up-time. All the nines.

Finding avarage event count by time

Tankwell
Explorer

Hey all,

Are you familiar with a way to find average event count by time?

I have an events that represents user logins.

I have to find a sequence of a few days in a raw with event count larger than 0 by username
I tried to do it with timechart command

<my search> | timechart span=1d count by username


and than to do an avg / another stat function like median on the count field, but it didn't lead to any results....

My goal is to get list of usernames which tried to access a few days in a row

Any Help?

0 Karma
1 Solution

scelikok
SplunkTrust
SplunkTrust

Hi @Tankwell,

Since you do not have username fields after timechart command , you cannot get any result. Please try below;

| bin _time span=1d 
| stats count by username _time 
| timechart avg(count) by username
If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

scelikok
SplunkTrust
SplunkTrust

Hi @Tankwell,

Since you do not have username fields after timechart command , you cannot get any result. Please try below;

| bin _time span=1d 
| stats count by username _time 
| timechart avg(count) by username
If this reply helps you an upvote and "Accept as Solution" is appreciated.

Tankwell
Explorer

Hey,

Thanks for the fast reply 🙂

It seems to do the work  - the bin function has aggregated the events well

After that I could use the stats command successfully

Thanks 😀

Tankwell

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...