开发者

How to get the number of "unique" request with splunk

开发者 https://www.devze.com 2023-03-28 22:44 出处:网络
We are currently looking for a way to find the number of \"unique\" request for a given event type with splunk.

We are currently looking for a way to find the number of "unique" request for a given event type with splunk. Like the number of user that hit a 404, but i don't care if a us开发者_JAVA技巧er hit it twice or 10 times, I just want the number of user that had that error. Is there anyway to do that with splunk ?


Sure.

Assuming your source type is called "access_combined" and you have a status and user field defined (either by Splunk automatically, or explicitly by you via Field Extraction) your search might look like this:

sourcetype="access_combined" status="404" | dedup user | table user

OR you could try this one as well, which uses the distinct count operation:

sourcetype="access_combined" status="404" | stats dc(status) by user

0

精彩评论

暂无评论...
验证码 换一张
取 消