Security

How to search average sessions started by hour?

Rapidz
Explorer

Hey, 

I am dealing with data from an app, and I am trying to figure out how to see what times of the day our app is most popular by hour. Im not sure how I can get an average of what times are popular of when users start the app.

If anyone could help, it would be greatly appreciated!

Heres the query I have been using to see users starting sessions:

 

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION

 

Thanks!

Labels (1)
0 Karma

somesoni2
Revered Legend

Try something like this to find top 5 hours based on session start

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION
| bucket span=1d _time 
| stats count by _time | sort 5 -count
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Use a timechart to get the session counts for each hour.  Then switch to the visualization tab to see the peaks.

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION
| timechart span=1h count
---
If this reply helps you, Karma would be appreciated.

Rapidz
Explorer

Hey,

Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

you could use e.g. timechart with span=1h or stats/chart and before it bin span=1h _time.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...