Display Search result of accounts by count of user...

afez89 · ‎07-22-2018

Hi I would like to display my result in this manner

|User Account | Time/Occurences | Count |
| A | 2018/5/5 | |
| | 2018/4/4 | |
| | 2018/3/3 | 3 |
| B | 2018/1/1 | |

| | 2018/2/2 | 2 |

Sorry the | represent columns, space are removed so the result does not look like an excel table which i intend to make
User Account and time occurences field already extracted
Please help provide syntax to display results as such

Given that search: XXXXXXX

somesoni2 · ‎07-23-2018

What's your current search?

PowerPacked · ‎07-22-2018

Hi @afez89

Am not sure, if i understood your question correctly

But give this a try

index=yourindexname | stats count by UserAccount Time/Occurences

or can also try -- | chart count by UserAccount over Time/Occurences

Thanks

afez89 · ‎07-22-2018

Hi @powerPacked, It stats no Result found for the first and second one u proposed

PowerPacked · ‎07-23-2018

if your UserAccount & Time/Occurences fields are extracted, it should work.

& feild names should not contain spaces, in the above question there is space in field
User Account, check with it.

Thanks

Display Search result of accounts by count of user time and show time date of occurrences

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life