We are using Splunk to log all the mail that goes out through our webmail system. What I am looking to do is find the average number of messages that our top 10 users from each of our webmail pods send out each day. With the following search, I am able to get the average for whatever time frame I choose in the dropdown, but I haven't been able to figure out how to get a daily average over a week.
sourcetype="wbeout" pod="13" action="ACCEPT" | top limit=10 account | stats avg(count)
For instance, I just did that and got 1 result with avg(count):
1. 1255.00000
So over 24 hours our top 10 accounts averaged sending 1255 messages each. What I am looking to do is get a report for the past 7 days showing what the average per day was.
Hi,
you'll need to get separate top data per day (in my example I use the built-in date_mday field), and then do the averages.
sourcetype="wbeout" pod="13" action="ACCEPT" | top limit=10 account by date_mday | stats avg(count) by date_mday
Hope this helps,
Kristian
Awesome, this is what I was looking for. Thank you very much.
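A variant of the search from the answer, added here as an example and not part of the original thread: it buckets on `_time` instead of `date_mday`, so a 7-day window that crosses a month boundary still sorts in calendar order, and it goes beyond the single-pod case by ranking the top 10 senders per day within every pod. The `rank` and `avg_sent` field names are assumptions chosen for this example; `sourcetype`, `pod`, `action` and `account` are the fields used in the thread.

```spl
sourcetype="wbeout" action="ACCEPT" earliest=-7d@d latest=@d
| bin _time span=1d
| stats count by _time, pod, account
| sort 0 _time, pod, -count
| streamstats count as rank by _time, pod
| where rank <= 10
| stats avg(count) as avg_sent by _time, pod
```

Each result row is one day for one pod, with `avg_sent` being the mean message count of that day's ten busiest accounts; add `pod="13"` back to the first line to reproduce the single-pod report.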