We are currently looking for a way to find the number of "unique" request for a given event type with splunk. Like the number of user that hit a 404, but i don't care if a us开发者_JAVA技巧er hit it twice or 10 times, I just want the number of user that had that error. Is there anyway to do that with splunk ?
Sure.
Assuming your source type is called "access_combined" and you have a status and user field defined (either by Splunk automatically, or explicitly by you via Field Extraction) your search might look like this:
sourcetype="access_combined" status="404" | dedup user | table user
OR you could try this one as well, which uses the distinct count operation:
sourcetype="access_combined" status="404" | stats dc(status) by user
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论