Splunk Search

Find the string and the number of occurrences

gowthamjs
New Member

Hi,

I have a log file that has a set of information about some users. Each of the users has an id, and the same is logged to the file when they log in to the application. I am trying to figure out the best way to find the number of visits made by users every day. Please let me know if you have any thoughts on the same. Thanks!

0 Karma

mayurr98
Super Champion

I think you want something like this.

Suppose you have a field called id that holds the list of all users, and the events also have the unique_keyword when they log in to the application.
In that case, if you want the number of occurrences for a particular id every day, then you can try something like this:

index=<your_index> | timechart span=1d count by id

If the id field is not extracted, then you have to write a regex for it.

Let me know if this helps!

0 Karma

gowthamjs
New Member

Hi,

In my case, only a unique id is logged when a user logs in, and it may be the same even if the user logs in multiple times. I am trying to get the number of visits made by each user in a given day.

Thanks,
Gowtham

0 Karma

mayurr98
Super Champion

Then try this:

index=<your_index> <unique_keyword_for_login_from_the_event> | stats count(unique_id) as count by unique_id
0 Karma

mayurr98
Super Champion

Could you please share some sample events and tell us what you want to achieve? It is very difficult to understand the above description. You can anonymize any important data in the event.

0 Karma
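An added example, not part of any post in this thread: the two points raised above (extracting the id with a regex when it is not already a field, and counting logins per id per day) combined into one search that runs on its own in any Splunk search bar. The event format, the `sample_raw` field, and the ids `u1001` and `u2002` are constructed for illustration; the regex must be adapted to the real log layout.

```spl
| makeresults count=1
| eval sample_raw="2024-05-01T08:15:00 login user_id=u1001|2024-05-01T17:40:00 login user_id=u1001|2024-05-01T09:02:00 login user_id=u2002|2024-05-02T08:20:00 login user_id=u1001"
| makemv delim="|" sample_raw
| mvexpand sample_raw
| rex field=sample_raw "^(?<ts>\S+)\s+login\s+user_id=(?<id>\w+)"
| eval _time=strptime(ts, "%Y-%m-%dT%H:%M:%S")
| bin _time span=1d
| stats count AS visits BY _time, id
| sort _time, id
```

Against indexed data, drop everything up to and including the `eval _time` line, start from the `index=<your_index> <unique_keyword_for_login_from_the_event>` base search, and keep the `rex` line only if `id` is not already extracted (pointing it at `_raw`). Unlike `timechart span=1d count by id`, which produces one column per id, `bin` followed by `stats` yields one row per day and id, which stays readable with many users.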