Splunk search for Splunk web users

Copy


			index=_internal sourcetype=splunk_web_access
 [ rest / splunk_server=local
 | fields splunk_server
 | rename splunk_server as host ]
 | bin _time span=1d
 | stats count by date_hour _time
 | appendpipe [ fields _time
 | dedup _time
 | eval date_hour=mvrange(0,24,1)
 | eval count=0
 | mvexpand date_hour ]
 | stats sum(count) as count by date_hour _time
 | stats avg(count) as avg by date_hour | eval avg=round(avg)
 | sort date_hour | rename date_hour as "Hour of the day", avg as "Average hits on Splunk Web"

This Splunk search will provide a chart showing the number of times Splunk web was accessed by hour of the day. The results of this search are best viewed as a line chart or a column chart. This search can be helpful for identifying when Splunk is being most utilized.

0 comments

[0]

Category:

General Splunk

Tags:

Admin general internal

Search Commands: