Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Chart count by Duration and User name

strueblood
Explorer
‎10-04-2010 02:38 PM

I have pulled VPN logs and I'd like to report on the duration that a user has used the VPN tunnel.

I have found the event that shows a disconnected VPN session.

It has the duration information and the user name. I don't know how to create a chart that will include the user name and the duration to next to it.

I have Chart by count Duration (Duration is a field I created)

But I can't seem to put in a search string to show Username and duration next to it.

Tags (1)
0 Karma
Reply

strueblood
Explorer
‎10-04-2010 03:06 PM

That is a very good answer, that answers half my question.

I'm now getting data showing, but I want the duration next to the user name, I'm getting the duration over the top and the count next to the user name.

What would I put instead of count?

0 Karma
Reply

ftk
Motivator
‎10-04-2010 03:09 PM

I edited my answer. Have a look.

0 Karma
Reply

ftk
Motivator
‎10-04-2010 02:53 PM

You could try doing something like:

your search | chart count Username by Duration
0 Karma
Reply

strueblood
Explorer
‎10-04-2010 03:38 PM

That didn't error out but comes up with zero data. Yes, I to show a bar graph that shows user name and the duration graph next to it.

0 Karma
Reply

ftk
Motivator
‎10-04-2010 03:33 PM

Hmm, here is another edit. Lemme see if I get this right -- You want a chart (column chart?) that will show a Username and its associated duration? Or do you mean a table?

0 Karma
Reply

strueblood
Explorer
‎10-04-2010 03:19 PM

Sorry, I get this error message.

Error in 'chart' command: The specifier 'Duration' is invalid. It must be in form (). For example: max(size).

I get where you are going and I hope it can be that simple, other ideas?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...