We are using Splunk to log all the mail that goes out through our webmail system. What I am looking to do is find the average number of messages that our top 10 users from each of our webmail pods send out each day. With the following search, I am able to get the average for whatever time frame I choose in the dropdown, but I haven't been able to figure out how to get a daily average over a week.
sourcetype="wbeout" pod="13" action="ACCEPT" | top limit=10 account | stats avg(count)
For instance, I just did that and I get 1 result with avg(count):
1. 1255.00000
So over 24 hours our top 10 accounts averaged sending 1255 messages each. What I am looking to do is get a report of what the average per day was over the past 7 days.
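One way to get the per-day figure described above, as an added example that is not part of the original post: bucket events by day, count per account within each day, keep each day's 10 largest counts, then average them. The field names `rank` and `avg_sent_top10` and the `earliest`/`latest` window are assumptions chosen for illustration; the base search is the one from the post.

```spl
sourcetype="wbeout" pod="13" action="ACCEPT" earliest=-7d@d latest=@d
| bin _time span=1d
| stats count by _time, account
| sort 0 _time, -count
| streamstats count AS rank by _time
| where rank <= 10
| stats avg(count) AS avg_sent_top10 by _time
```

This returns one row per day, and each day's top 10 is computed independently, so the set of accounts can differ from day to day. A day whose average jumps well above the others is a useful starting point for checking for a compromised or abusive webmail account.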