Security

App Sessions Started 24 hour average (All Time) - How to?

Rapidz
Explorer

Hey everyone,

I am trying to gauge at what time users are active on our app. I want to use data from (All time) to gather the average on a 24 hour scale. Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM.

My current query is: 

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION |timechart span=1h count

This query can gather the users by hour on a 24 hour scale, but not the average from (All time).

If anyone could help, it would be greatly appreciated!

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION | chart count by date_hour
0 Karma

Rapidz
Explorer

That search does not seem to work. The query I have can work for the last 24 hours. It would be great, if it could work for taking the average of all SESSIONS_STARTED across 24 hours to get a picture of when users start the app.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION 
| bin _time span=1h
| stats count values(date_hour) as date_hour by _time
| chart avg(count) as average_per_hour by date_hour
0 Karma
Get Updates on the Splunk Community!

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...