Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get a count of daily active users in the last 3 days?

rob9mcneil9
Engager
‎09-29-2016 06:11 AM

Hi All,

I'm new to Splunk and new to get a count of the daily active users in the last 3 days.
Users in our system are tracked by phoneID.
How would I go about doing that?

Tags (3)
0 Karma
Reply

sundareshr
Legend
‎09-29-2016 08:32 AM

Assuming you have the data in splunk, try this

base search earliest=-3d@d | timechart span=1d dc(phoneID) as "Active Users"
0 Karma
Reply

JDukeSplunk
Builder
‎09-29-2016 07:09 AM

If you could post some sample data that would help the community help you.

Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...