×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Labuser43
Engager
Member since: ‎10-14-2024
‎10-18-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-14-2024
View All

Re: Trying to look for sessions with login and log...

by in Splunk Search
‎10-14-2024 10:05 PM
‎10-14-2024 10:05 PM
@inventsekar my requirement is to get SESSION_IDs where both login AND logout occur in that session. To explain more, let's use an example of a session that would fit this criteria:   OPERATION SESSION_ID login 1234 add_to_cart 1234 checkout 1234 logout 1234   If I use OR, I think it may return a session that only has login or logout. ... View more

Trying to look for sessions with login and logout ...

by in Splunk Search
‎10-14-2024 08:29 PM
‎10-14-2024 08:29 PM
Hello, I'm just trying to learn SPL and am currently trying to find all sessions with login and logout requests, identified by the SESSION_ID field. So basically I'm trying to find all SESSION_ID values where within the session the user performs a login and logout operation. Coming from the relational database world, my first step was to write some sort of join operation but I quickly found out that joins are not the best thing to do in Splunk.  This is what I tried:   index=allsessions "*login*" | join type=inner left=L right=R where L.SESSION_ID=R.SESSION_ID [search index=allsessions "*logout*"]   Can someone help me write a better query for the above problem? Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-18-2024 05:28 PM
Karma given to
View All