How to get total count and average count of users ...

prakash007 · ‎02-08-2016

I'm trying to calculate Total count and avg(count) of users on a specific file...

I don't think it's the right way to do, any help would be appreciated. Thanks.

index=web  sourcetype=web_access  refe_domain=sample.com  file="checkout.jsp"  JSESSIONID!="-"  | dedup JSESSIONID  |stats dc(trueclientip) as TotalUsers by file | stats avg(TotalUsers)

somesoni2 · ‎02-08-2016

Try something like this

index=web  sourcetype=web_access  refe_domain=sample.com  file="checkout.jsp"  JSESSIONID!="-"  | dedup JSESSIONID | bucket span=1d _time |stats dc(trueclientip) as TotalUsers by _time file | eventstats avg(TotalUsers) as AvgUsers by file

bmacias84 · ‎02-08-2016

You may want to look at the appendpipe command.

index=web  sourcetype=web_access  refe_domain=sample.com  file="checkout.jsp"  JSESSIONID!="-"  | dedup JSESSIONID  |stats dc(trueclientip) as TotalUsers by file | appendpipe [stats avg(TotalUsers)]

http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Appendpipe

prakash007 · ‎02-08-2016

It's giving me the same values under TotalUsers and avg(TotalUsers), not sure if i'm asking the question in a right way...

I'm looking for TotalUsers/day and also avg users..?

somesoni2 · ‎02-08-2016

The per day requirement is not in the question.

abhijitmishra87 · ‎02-08-2016

mcnamara - can you put down a sample event ?

How to get total count and average count of users by file name?

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability