Hi,
I am completely new to Splunk and I have a specific need to address so please be patient with my newbie incompetence!
I have a list of servers that for each hour records the users who were active on that server, I need to be able to get a unique count of the users across all of the servers during each 1 hour period. Where do I start?
WAS,PROD 1,2018-06-01 02:00:00+00:00,6,user1 user2 user3 user4 user5 user6
WAS,PROD 2,2018-06-01 02:00:00+00:00,5,user1 user2 user5 user7 user8
WAS,PROD 3,2018-06-01 02:00:00+00:00,5,user2 user3 user4 user5 user7
So the servers are PROD 1, 2 & 3, the date timestamp and then the users. The answer I want in this case is 8, the actual data covers an entire month and several thousand unique users.
Where do I start with this?
Thanks
Neal
... View more