Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Total Logon Count for Each month

carlyleadmin
Contributor
‎07-09-2019 02:02 PM

Hello Splunk Gurus

I need help with the following. I am sure it is pretty simple command but my head stopped working. i have the following search that brings up the total logon count in 1month span in table format for the last 2 months. How do i create a chart or timechart from this? (total number of logons by each month)

Message="An account was successfully logged on." | bucket _time span=30d | search Message="An account was successfully logged on." AND Source_Port="0"|stats count(Message) AS "Total_Logon_Count" by _time | convert timeformat="%B %d %Y" ctime(_time) | rename _time AS Date |table Date Total_Logon_Count

alt text

thanks in advance for all the help!

Tags (1)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jimmytpowers
Path Finder
‎07-09-2019 03:56 PM

You should consider reworking your search using the timechart command instead of table and stats:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timechart?r=searchtip

Once this is done, Returned statistics can be displayed as a visualization via the GUI, you can find information about that here :

https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchTutorial/Chartasareport

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jimmytpowers
Path Finder
‎07-09-2019 03:56 PM

You should consider reworking your search using the timechart command instead of table and stats:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timechart?r=searchtip

Once this is done, Returned statistics can be displayed as a visualization via the GUI, you can find information about that here :

https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchTutorial/Chartasareport

0 Karma
Reply
Solved! Jump to solution

carlyleadmin
Contributor
‎07-10-2019 09:34 AM

Thanks Jimmy

0 Karma
Reply
Solved! Jump to solution

jimmytpowers
Path Finder
‎07-10-2019 05:16 PM

You are very welcome!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...