I am trying to average calculate the time between web log entries. If an IP on the network visits the same URL multiple times in a given time period we want to calculate the average time between visits. I cant really do a transaction (at least I dont think so) because the events are the same..no begin or end.
I have a search that groups the IP's that visit a URL more than once and also grabs the log entries for each time the URL is visited.
The fields in the output are:
Timestamp, Src_IP, URL, Count
Now for the fun part. Once average time is calculated we want to calculate standard deviation.
Any help would be greatly appreciated!
Time Stamps 1 day early? 1 Answer
How Can I customize Time 1 Answer
Start time search in splunk 1 Answer