How to get total count and average count of users ...

prakash007 · ‎02-08-2016

I'm trying to calculate Total count and avg(count) of users on a specific file...

I don't think it's the right way to do, any help would be appreciated. Thanks.

index=web  sourcetype=web_access  refe_domain=sample.com  file="checkout.jsp"  JSESSIONID!="-"  | dedup JSESSIONID  |stats dc(trueclientip) as TotalUsers by file | stats avg(TotalUsers)

somesoni2 · ‎02-08-2016

Try something like this

index=web  sourcetype=web_access  refe_domain=sample.com  file="checkout.jsp"  JSESSIONID!="-"  | dedup JSESSIONID | bucket span=1d _time |stats dc(trueclientip) as TotalUsers by _time file | eventstats avg(TotalUsers) as AvgUsers by file

bmacias84 · ‎02-08-2016

You may want to look at the appendpipe command.

index=web  sourcetype=web_access  refe_domain=sample.com  file="checkout.jsp"  JSESSIONID!="-"  | dedup JSESSIONID  |stats dc(trueclientip) as TotalUsers by file | appendpipe [stats avg(TotalUsers)]

http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Appendpipe

prakash007 · ‎02-08-2016

It's giving me the same values under TotalUsers and avg(TotalUsers), not sure if i'm asking the question in a right way...

I'm looking for TotalUsers/day and also avg users..?

somesoni2 · ‎02-08-2016

The per day requirement is not in the question.

abhijitmishra87 · ‎02-08-2016

mcnamara - can you put down a sample event ?

How to get total count and average count of users by file name?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!