cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sflisher
Explorer
Member since: ‎05-20-2010
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎05-20-2010
Activity Feed
View All

addcoltotals is included in y axis scale for a cha...

by in Splunk Search
‎06-02-2010 10:39 AM
1 Karma
‎06-02-2010 10:39 AM
1 Karma
Hi experts, I would like to know if it is possible to exclude the result of 'addcoltotals' from the y axis scale. As far as I can see the chart range for the y axis scale will cover the range of results for output of a search. When the addcoltotals is used the value of the column total is included in the calculation of the y axis scale effectively making it show a much higher value than is necessary and thus distorts the view of the chart. Thanks for help in advance. ... View more

Re: Squid Log Analysis - Calculate total number of...

by in Splunk Search
‎05-23-2010 05:06 AM
‎05-23-2010 05:06 AM
Thanks. Exactly what I was looking for. ... View more

Re: Squid Log Analysis - Calculate total number of...

by in Splunk Search
‎05-21-2010 08:12 AM
‎05-21-2010 08:12 AM
cool, thanks that is working well. And so simple 🙂 So for a single user it works. If I want a table of all users (I have less than 40) then I can use the following: sourcetype="squid_access" | timechart span=1m count by sq_user limit=40 But again if I want a total of the number of minutes using '| where count > 0 | stats count' then it returns 0 results. Actually the '| where count > 0' itself returns 0 results. Should there be a solution to reporting on all users together then I would want to chart sq_user and the total number of minutes per day, possible by a 24 hour period over a given date range. Thanks in advance for your help. ... View more

Squid Log Analysis - Calculate total number of 'ti...

by in Splunk Search
‎05-20-2010 01:28 PM
‎05-20-2010 01:28 PM
Hi All, I am using splunk to analyse squid logs and my goal is to identify how many minutes of the day a client ip or user is accessing the Internet (via squid) and report against it. I already have the following: sourcetype="squid_access" sq_user="username" | eval mb = round(sq_bytes/1024/1024) | timechart span=5m count sum(mb) This will report the number of events found in the log over a 5 min time span and the amount of MB downloaded. I would like to summarise this report further and calculate how many of the '5 minute timespans' have events. (The timespan could of course be 1 minute which may make the maths easier.). This will allow me to report how many minutes as user has been browsing. So the calculation would need to be a sum of all timespans that have events > 0. I am not necessarily interested in the number of events because the user is ether surfing or not... I may also choose a low number of events as a threshold to exclude open web pages that have some background activity, e.g. events > 5 or events > 10. Any idea if this is possible. Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All