Solved: How to track number of requests by time made by us...

satyannair · ‎03-22-2013

I need to find user's all request times

User Time Count

testuser1 16:01:32 3

testuser1 16:01:33

testuser1 16:01:35

testuser2 16:01:31 2

testuser2 16:01:37

testuser3 16:02:21 4

testuser3 16:02:22

testuser3 16:02:24

testuser3 16:02:26

Basically try to get a user's time spent on the site over multiple requests or clicks or hits.

kristian_kolb · ‎03-22-2013

If you have User and Time in separate fields, you could simply search for

your base search | stats count values(Time) by User

If you have to use the event time as parsed by Splunk, you'll use _time instead of Time. Though you'll want to alter how _time is presented...

your base search | eval Time = strftime(_time,"%Y-%m-%d %H:%M:%S") | stats count values(Time) by User

/k

View solution in original post

kristian_kolb · ‎03-22-2013

If you have User and Time in separate fields, you could simply search for

your base search | stats count values(Time) by User

If you have to use the event time as parsed by Splunk, you'll use _time instead of Time. Though you'll want to alter how _time is presented...

your base search | eval Time = strftime(_time,"%Y-%m-%d %H:%M:%S") | stats count values(Time) by User

/k

satyannair · ‎03-22-2013

Thanks
that did work!

How to track number of requests by time made by user

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio