Splunk Search

Daily Average Count from the past 7 day period

jthomasc
Loves-to-Learn

Current query; this shows how many successful login attempts there have been.

index=abc granttype=mobile
| fields subjectid, message | search message="*Token Success*"
| stats count

I am now looking to create a panel to show the daily average amount of successful login attempts across 7 days. Is anyone able to help me with the query, please?

0 Karma

gcusello
SplunkTrust

Hi @jthomasc ,

First, put all the search terms in the main search to have more performant searches.

Then you have to use the timechart command, something like this:

index=abc granttype=mobile message="*Token Success*"
| timechart span=1d avg(count) AS avg

Ciao.

Giuseppe

0 Karma

jthomasc
Loves-to-Learn

Thanks for your speedy response and for helping me out, @gcusello. Unfortunately, the average does not seem to return for this. Any idea why?

I'm essentially trying to get a Status Indicator Panel for this stat, like the one shown below.

 

[Attached screenshots: Capture.PNG, Capture1.PNG]

0 Karma
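
An added example, not part of any post in this thread: raw events carry no field named count, so avg(count) has nothing to average until an earlier command has produced a per-day count. The query below counts per day first and then averages those daily counts; the index, granttype and message terms come from the thread, while the field name daily_avg and the seven-whole-days window (earliest=-7d@d latest=@d) are assumptions.

```spl
index=abc granttype=mobile message="*Token Success*" earliest=-7d@d latest=@d
| timechart span=1d count
| stats avg(count) AS daily_avg
| eval daily_avg=round(daily_avg, 1)
```

timechart emits a row with count=0 for a day that had no matching events, so quiet days pull the average down instead of being skipped, and the single-row result can feed a single-value or status indicator panel.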