I need to find user's all request times
User Time Count
testuser1 16:01:32 3
testuser1 16:01:33
testuser1 16:01:35
testuser2 16:01:31 2
testuser2 16:01:37
testuser3 16:02:21 4
testuser3 16:02:22
testuser3 16:02:24
testuser3 16:02:26
Basically try to get a user's time spent on the site over multiple requests or clicks or hits.
If you have User and Time in separate fields, you could simply search for
your base search | stats count values(Time) by User
If you have to use the event time as parsed by Splunk, you'll use _time
instead of Time
. Though you'll want to alter how _time is presented...
your base search | eval Time = strftime(_time,"%Y-%m-%d %H:%M:%S") | stats count values(Time) by User
/k
If you have User and Time in separate fields, you could simply search for
your base search | stats count values(Time) by User
If you have to use the event time as parsed by Splunk, you'll use _time
instead of Time
. Though you'll want to alter how _time is presented...
your base search | eval Time = strftime(_time,"%Y-%m-%d %H:%M:%S") | stats count values(Time) by User
/k
Thanks
that did work!