开发者

How to get the number of "unique" request with splunk

We are currently looking for a way to find the number of "unique" request for a given event type with splunk. Like the number of user that hit a 404, but i don't care if a us开发者_JAVA技巧er hit it twice or 10 times, I just want the number of user that had that error. Is there anyway to do that with splunk ?


Sure.

Assuming your source type is called "access_combined" and you have a status and user field defined (either by Splunk automatically, or explicitly by you via Field Extraction) your search might look like this:

sourcetype="access_combined" status="404" | dedup user | table user

OR you could try this one as well, which uses the distinct count operation:

sourcetype="access_combined" status="404" | stats dc(status) by user

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜