Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to identify uniqe field value from a log files

dilstn
Explorer
‎03-08-2013 01:22 AM

there is a logs that as same timestamp , in which i have to identify the unique user id from the logs (i,e) I have to create count of users logged in (unique user entry) count

Tags (1)
0 Karma
Reply

eashwar
Communicator
‎03-26-2013 07:15 AM

<\yoursearch> | dedup userid | stats count AS "TOTAL Number of Users Logged in"

or

<\yoursearch> | stats count by userid

<\yoursearch> should have the field userid extracted out from the event. you should comment the event so that i can help you in extraction.

happy splunking
yours,
eashwar raghunathan

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-08-2013 01:38 AM

Telepathy tells me rex "whatever" | stats dc(user_id)... beyond that, what Ayn said.

0 Karma
Reply

Ayn
Legend
‎03-08-2013 01:27 AM

Please give us MUCH more details about the logs, what you're trying to do, what you tried but didn't work, etc etc...

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...