The following Splunk query will return a summary of weekend activity for a given IIS hosted website. sourcetype=”iis” (date_wday=saturday OR date_wday=sunday) | stats count(JSESSIONID) as Value | eval Metric=”Total Hits on Weekends” | append [ search sourcetype=”iis” (date_wday=saturday OR date_wday=sunday) | stats dc(JSESSIONID) as Value | eval Metric=”Total Visits on Weekends”] | append [ search […]
Average Duration of a Session within an IIS Web Environment
This query will report back the average duration of a session within an IIS web environment. The time format will be HH:MM:SS sourcetype=”iis” | stats range(_time) as duration by JSESSIONID | stats avg(duration) as AVG | fieldformat AVG=tostring(AVG,”duration”) | eval AVG=round(AVG, 0)
Median Duration of a Session within an IIS Web Environment
This query will report back the median duration of a session within an IIS web environment. The time format will be HH:MM:SS sourcetype=”iis” | stats range(_time) as duration by JSESSIONID | stats median(duration) as AVD | fieldformat AVD=tostring(AVD,”duration”) | eval AVD=round(AVD, 0)