Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

App Sessions Started 24 hour average (All Time) - How to?

Rapidz
Explorer
‎03-01-2022 02:36 PM

Hey everyone,

I am trying to gauge at what time users are active on our app. I want to use data from (All time) to gather the average on a 24 hour scale. Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM.

My current query is: 

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION |timechart span=1h count

This query can gather the users by hour on a 24 hour scale, but not the average from (All time).

If anyone could help, it would be greatly appreciated!

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 02:11 AM 
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION | chart count by date_hour
0 Karma
Reply

Rapidz
Explorer
‎03-02-2022 09:04 AM

That search does not seem to work. The query I have can work for the last 24 hours. It would be great, if it could work for taking the average of all SESSIONS_STARTED across 24 hours to get a picture of when users start the app.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 09:09 AM 
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION 
| bin _time span=1h
| stats count values(date_hour) as date_hour by _time
| chart avg(count) as average_per_hour by date_hour
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...