Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Monthly Occupancy Report with Daily Events

spodda01da
Path Finder
‎09-05-2019 10:25 PM

Hello All,

I am trying to generate a Monthly Occupancy Report of users with Daily events.

The issue is the Daily events consists of Multiple entries of a user, so I have to use "dedup user" command to get single entries every day

As running dedup command on Monthly report will give single entry of a user in a month, I am extracting reports per day and then consolidate it to get a monthly report which is time consuming.

Looking for suggestions/commands which will help to run a monthly report with Single event of a user (per day).

| lookup AD-lookup sAMAccountName as user output displayName,givenName,sn,mail,telephoneNumber,mobile,manager,department
| eval Date=strftime(_time, "%d-%m-%Y"), Time=strftime(_time, "%H:%M") | table Date,Time, user, displayName, title, department, host, Address, Subnet, Site, mail, mobile
| dedup user
| sort 0 -Date,-Time |

Thanks,

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DalJeanis
SplunkTrust
SplunkTrust
‎09-06-2019 02:07 PM

Really, you don't have to go to all that trouble.

dedup is a little more flexible than you are thinking. 

  your search that gets one or more records for each user per day for the whole month
 | table _time User
 | bin _time span=1d as Day
 | dedup User Day

The above gets you one record per User per Day.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

DalJeanis
SplunkTrust
SplunkTrust
‎09-06-2019 02:07 PM

Really, you don't have to go to all that trouble.

dedup is a little more flexible than you are thinking. 

  your search that gets one or more records for each user per day for the whole month
 | table _time User
 | bin _time span=1d as Day
 | dedup User Day

The above gets you one record per User per Day.

0 Karma
Reply
Solved! Jump to solution

spodda01da
Path Finder
‎09-12-2019 10:37 PM

Thank you, it worked

0 Karma
Reply
Get Updates on the Splunk Community!

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...