Splunk Search

How to get a count of daily active users in the last 3 days?

rob9mcneil9
Engager

Hi All,

I'm new to Splunk and new to get a count of the daily active users in the last 3 days.
Users in our system are tracked by phoneID.
How would I go about doing that?

Tags (3)
0 Karma

sundareshr
Legend

Assuming you have the data in splunk, try this

base search earliest=-3d@d | timechart span=1d dc(phoneID) as "Active Users"
0 Karma

JDukeSplunk
Builder

If you could post some sample data that would help the community help you.

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...