Solved: How to generate a search that

svemurilv · ‎07-05-2017

I am looking for Unique users on my Splunk search head cluster
like :

like compare the users change percentage with previous month.

earliest=-60d@d latest=@d index=_audit  NOT user=splunk-system-user NOT user=admin| timechart span=30d dc(user)

thanks advance.

DalJeanis · ‎07-05-2017

Here's one way...

earliest=-6mon@mon latest=@mon index=_audit 
NOT user=splunk-system-user NOT user=admin
| bin _time span=1mon 
| stats dc(user) as UserCount by _time
| streamstats current=f last(UserCount) as PrevCount
| eval PctIncrease= if(isnull(PrevCount),"100%", tostring(floor(100*(UserCount-PrevCount)/PrevCount))."%")

View solution in original post

DalJeanis · ‎07-05-2017

Here's one way...

earliest=-6mon@mon latest=@mon index=_audit 
NOT user=splunk-system-user NOT user=admin
| bin _time span=1mon 
| stats dc(user) as UserCount by _time
| streamstats current=f last(UserCount) as PrevCount
| eval PctIncrease= if(isnull(PrevCount),"100%", tostring(floor(100*(UserCount-PrevCount)/PrevCount))."%")

How to generate a search that

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to generate a search that

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...