Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

App Sessions Started 24 hour average (All Time) - How to?

Rapidz
Explorer
‎03-01-2022 02:36 PM

Hey everyone,

I am trying to gauge at what time users are active on our app. I want to use data from (All time) to gather the average on a 24 hour scale. Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM.

My current query is: 

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION |timechart span=1h count

This query can gather the users by hour on a 24 hour scale, but not the average from (All time).

If anyone could help, it would be greatly appreciated!

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 02:11 AM 
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION | chart count by date_hour
0 Karma
Reply

Rapidz
Explorer
‎03-02-2022 09:04 AM

That search does not seem to work. The query I have can work for the last 24 hours. It would be great, if it could work for taking the average of all SESSIONS_STARTED across 24 hours to get a picture of when users start the app.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 09:09 AM 
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION 
| bin _time span=1h
| stats count values(date_hour) as date_hour by _time
| chart avg(count) as average_per_hour by date_hour
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...