Splunk Search

Find the string and the number of occurrences

gowthamjs
New Member

Hi,

I have a log file that has a set of information about some users. Each of the users has an ID, and it is logged to the file when they log in to the application. I am trying to figure out the best way to find the number of visits made by users every day. Please let me know if you have any thoughts on this. Thanks!

0 Karma

mayurr98
Super Champion

I think you want something like this

Suppose you have a field called id that contains the list of all users, and the events also have the unique_keyword when they log in to the application.
In that case, if you want the number of occurrences for a particular id every day, then you can try something like this:

index=<your_index> | timechart span=1d count by id

If the id field is not extracted, then you have to write a regex for it.

Let me know if this helps!

0 Karma

gowthamjs
New Member

Hi,

In my case, only a unique ID is logged when a user logs in, and it may be the same even if the user logs in multiple times. I am trying to get the number of visits made by each user in a given day.

Thanks,
Gowtham

0 Karma

mayurr98
Super Champion

Then try this:

index=<your_index> <unique_keyword_for_login_from_the_event> | stats  count(unique_id) as count by unique_id
0 Karma

mayurr98
Super Champion

Could you please share some sample events, and tell us what you want to achieve? It is very difficult to understand the above description. You can anonymize any important data in the event.

0 Karma
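
An added example, not part of any post above, of counting logins per user per day when the ID is not yet an extracted field. The event text, the `user_id=` format, the user names, and the field names `unique_id` and `visits` are assumptions; the first four lines only build constructed sample events spread over yesterday and today.

```spl
| makeresults count=6
| streamstats count as n
| eval _time = relative_time(now(), "@d") - (n % 2) * 86400 + n * 600
| eval _raw = case(n<=3, "login user_id=constructed_user_a", n<=5, "login user_id=constructed_user_b", true(), "login user_id=constructed_user_c")
| rex field=_raw "user_id=(?<unique_id>\w+)"
| bin _time span=1d
| stats count as visits by _time unique_id
| sort _time unique_id
```

Against real data, replace the first four lines with `index=<your_index> <unique_keyword_for_login_from_the_event>` and adjust the regex to the actual event format. Each output row is one user on one day, so repeated logins by the same ID on the same day add to that row's `visits`.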