Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to get statistics from the same session wi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to get statistics from the same session with multiple events?
gumarovv
New Member
04-15-2019
01:22 PM
There are multiple events with 1 same field - unique_session, how to combine and count events from that unique session and get statistical data?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grittonc
Contributor
04-15-2019
04:15 PM
Some sample events and your desired outcome would be helpful.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Vijeta
Influencer
04-15-2019
01:51 PM
You can do
index=<your index>| stats count by user unique_session
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gumarovv
New Member
04-15-2019
01:55 PM
this search will return all events - I need just the once that has same unique_session
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grittonc
Contributor
04-15-2019
01:31 PM
| transaction unique_session
will tell you how many events there are and how long the session lasted.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gumarovv
New Member
04-15-2019
01:45 PM
I am getting results but it seems like not exactly correct ones. I am trying to combine and count event1 and event2 with same unique_session. But getting counts where only event2 or event1 are present
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gumarovv
New Member
04-15-2019
01:47 PM
example of a search
event1=1 OR event2=2
| transaction unique_session
| stats count by user
Result returns users with event1 and event2
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!
Thanks for the Memories! Splunk University, .conf25, and our Community
Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...
Data Persistence in the OpenTelemetry Collector
This blog post is part of an ongoing series on OpenTelemetry.
What happens if the OpenTelemetry collector ...
Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever
Now On Demand
Whether you're managing complex deployments or looking to future-proof your data ...
