Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to find max number of concurrent users in a given day on the system? How do I find it for the last 90 days?

gopiz007
New Member
‎07-02-2014 08:01 PM

For example,
Date Max_No Time

7/2/14 75 13:00:00

7/1/14 66 18:00:00

index=login service=abc | timechart span="1h" dc(memberno) | rename dc(memberno) as users | sort - users | head 1

I want to split the events into bins of 1 hr for each day and find the distinct count of them for each hour. Once I do that I need to find the max for that day(out of the 24 bins).The above query gives me the maximum count for any given day. But I want to extend it to last 90 days. how can I do that? I want to plot a graph for the same.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-03-2014 12:54 AM

Try this:

index=login service=abc earliest=-90d@d| timechart span="1h" dc(memberno) as users | timechart span=1d max(users)
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...