Find the string and the number of occurences

gowthamjs · ‎02-05-2018

Hi,

I have a log file that has a set of information about some users. Each of the users have an id and the same is logged to the file when they login to the application. I am trying to figure the best way to find the number of visits made by users everyday. Please let me know, if you have any thoughts on the same. Thanks!

mayurr98 · ‎02-05-2018

I think you want something like this

Suppose you have a field called id which is having all the users list. Also having the unique_keyword when they login to the application.
In that case if you want the number of number of occurrences for the particular id everyday then you can try something like this

index=<your_index> | timechart span=1d count by id

If id field is not extracted then you have to write regex for it.

Let me know if this helps!

gowthamjs · ‎02-05-2018

Hi,

In my case, only unique id is logged when a user logs in and it may be the same even if user logs in multiple times. I am trying to get the number of visits made by each user in a given day.

Thanks,
Gowtham

mayurr98 · ‎02-05-2018

then try this

index=<your_index> <unique_keyword_for_login_from_the_event> | stats  count(unique_id) as count by unique_id

mayurr98 · ‎02-05-2018

could you please share some sample events? and tell us what do you want to achieve. It is very difficult to understand the above description. you can anonymize any important data in the event.

Find the string and the number of occurences

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms