Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

search for Count of users per minute for a hour

ma_anand1984
Contributor
‎05-30-2012 08:32 AM

user activities are captured in _audit index. Using this i would like to see how many users are active on a given minute for an hour. I tried this

index=_audit | dedup user | timechart span = "1m" count(user)

but dedup worked on the whole time frame instead of every minute. Any help would be appreciated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ma_anand1984
Contributor
‎06-13-2012 10:52 PM

This is the answer for the requirement i had
index=_audit | timechart span="1m" dc(user)| rename dc(user) as "Concurrent User"

View solution in original post

Reply
Solved! Jump to solution
Solution

ma_anand1984
Contributor
‎06-13-2012 10:52 PM

This is the answer for the requirement i had
index=_audit | timechart span="1m" dc(user)| rename dc(user) as "Concurrent User"

Reply
Solved! Jump to solution

sdaniels
Splunk Employee
Splunk Employee
‎06-07-2012 10:42 AM

Did this work for you?

0 Karma
Reply
Solved! Jump to solution

sdaniels
Splunk Employee
Splunk Employee
‎05-30-2012 09:11 AM

What if you do the following:

... | bucket span=1m _time | dedup user, _time | timechart ...

Reply
Solved! Jump to solution

ma_anand1984
Contributor
‎05-30-2012 08:34 AM

I want some thing like this

time user count
1m 5
2m 3
3m 20

etc

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...