Chart count by Duration and User name

strueblood · ‎10-04-2010

I have pulled VPN logs and I'd like to report on the duration that a user has used the VPN tunnel.

I have found the event that shows a disconnected VPN session.

It has the duration information and the user name. I don't know how to create a chart that will include the user name and the duration to next to it.

I have Chart by count Duration (Duration is a field I created)

But I can't seem to put in a search string to show Username and duration next to it.

strueblood · ‎10-04-2010

That is a very good answer, that answers half my question.

I'm now getting data showing, but I want the duration next to the user name, I'm getting the duration over the top and the count next to the user name.

What would I put instead of count?

ftk · ‎10-04-2010

I edited my answer. Have a look.

ftk · ‎10-04-2010

You could try doing something like:

your search | chart count Username by Duration

strueblood · ‎10-04-2010

That didn't error out but comes up with zero data. Yes, I to show a bar graph that shows user name and the duration graph next to it.

ftk · ‎10-04-2010

Hmm, here is another edit. Lemme see if I get this right -- You want a chart (column chart?) that will show a Username and its associated duration? Or do you mean a table?

strueblood · ‎10-04-2010

Sorry, I get this error message.

Error in 'chart' command: The specifier 'Duration' is invalid. It must be in form (). For example: max(size).

I get where you are going and I hope it can be that simple, other ideas?

Chart count by Duration and User name

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!