Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to count the number of file transferred within one month by an user id using particular file and display?

supriyagaw08
Explorer
‎11-23-2020 02:49 AM

how to count the number of file transferred within one month by an user id using particular file and display events in below manner:
username filename count_of_files_tras_in1day count_of_files_trasferred_in_1week count_of_files_trasferred_in_1mon

Labels (3)
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-23-2020 03:09 AM

What data do you have in your events?

0 Karma
Reply

supriyagaw08
Explorer
‎11-23-2020 09:18 PM

I have file transfers events , I have got the first part of code but filtering it and displaying it based upon the count of file transfers in one day, one week and one month is where i am facing issue.

 

|bucket span=1mon _time
| eval day=strftime(_time,"%Y-%m-%d")
| eval week=strftime(_time, "%V")
| eval w_month=strftime(_time, "%d/%m")
|stats count(BASE_filename) as oneday by day | stats count(BASE_filename) as oneweek by week|stats count(BASE_filename) as onemonth by w_month

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...