Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need simple search help

jayrodef
Explorer
‎03-29-2011 01:18 PM

Hello all, I haven't taken as much time to understand the splunk search capabilities as I should. I'm reading up today, however I need to get this search functional is quickly as possible. Basically, I have data with a User and DeviceId which have many events. I'd like to get a search that shows User with DeviceId per hour and the number of events, so something like:

1pm

testuser deviceID123 200events

2pm testuser2 deviceID456 100 events

I'm not sure if that'll explain it or if you need more detail. Appreciate any help you can offer, thanks.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

fox
Path Finder
‎03-29-2011 01:41 PM

index= | eval user_device=userid."_".deviceid | timechart span=1h count by user_device

View solution in original post

Reply
Solved! Jump to solution
Solution

fox
Path Finder
‎03-29-2011 01:41 PM

index= | eval user_device=userid."_".deviceid | timechart span=1h count by user_device

Reply
Solved! Jump to solution

jayrodef
Explorer
‎03-29-2011 01:53 PM

Thanks so much, you guys are quick. I'm actually reading through that link now. Thanks again.

0 Karma
Reply
Solved! Jump to solution

southeringtonp
Motivator
‎03-29-2011 01:42 PM

Also take a look at the Search Reference and the included cheat sheet - http://www.splunk.com/base/Documentation/latest/SearchReference/SearchCheatsheet

Reply
Solved! Jump to solution

fox
Path Finder
‎03-29-2011 01:41 PM

index= insert your index name here

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...