Splunk Search

Average Daily Unique category by Weekday for a period of 1 month

deepanram211219
New Member

I am creating a search that counts the daily unique category from a proxy log. I want to show the average number of unique website category by weekday over a month.

My issue is that I have created a successful search for 1 category but need to know how to count for different category over week days and show them on one chart.

My query:

Host=proxy1 category=business-and-economy | bin span=1d _time | stats count dc(_time) as days by date_wday | eval average_count = count / days

Tags (1)
0 Karma

Sebastian2
Path Finder

I'm not sure if I understood correctly what you are trying, but have you tried:

Host=proxy1 category=* | bin span=1d _time | stats count dc(_time) as days by date_wday, category | eval average_count = count / days
0 Karma

deepanram211219
New Member

Thanks for your reply, let me be more clear. I want to create a stacked column chart as shown below. With each colour representing a different category with the (AVG)weekday count superimposed on them.

alt text

0 Karma

deepanram211219
New Member

I ran the following query and ended up with the below result. But I would like to know how I can get the result for other categories on the same chart?

host=proxy1 category=business-and-economy | bucket _time span=1d | stats avg(count) dc(_time) as days by date_wday | eval average_count = count / days

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...