Security

How to search average sessions started by hour?

Rapidz
Explorer

Hey, 

I am dealing with data from an app, and I am trying to figure out how to see what times of the day our app is most popular by hour. Im not sure how I can get an average of what times are popular of when users start the app.

If anyone could help, it would be greatly appreciated!

Heres the query I have been using to see users starting sessions:

 

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION

 

Thanks!

Labels (1)
0 Karma

somesoni2
Revered Legend

Try something like this to find top 5 hours based on session start

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION
| bucket span=1d _time 
| stats count by _time | sort 5 -count
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Use a timechart to get the session counts for each hour.  Then switch to the visualization tab to see the peaks.

index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION
| timechart span=1h count
---
If this reply helps you, Karma would be appreciated.

Rapidz
Explorer

Hey,

Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

you could use e.g. timechart with span=1h or stats/chart and before it bin span=1h _time.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...