Dashboards & Visualizations

Display Search result of accounts by count of user time and show time date of occurrences

afez89
New Member

Hi, I would like to display my result in this manner:

| User Account | Time/Occurences | Count |
| A            | 2018/5/5        |       |
|              | 2018/4/4        |       |
|              | 2018/3/3        | 3     |
| B            | 2018/1/1        |       |
|              | 2018/2/2        | 2     |

Sorry, the | characters represent columns; spaces are removed, so the result does not look like an Excel table, which I intend to make.
The User Account and time occurrences fields are already extracted.
Please help provide the syntax to display results as such.

Given that search: XXXXXXX

0 Karma

somesoni2
Revered Legend

What's your current search?

0 Karma

PowerPacked
Builder

Hi @afez89

I am not sure if I understood your question correctly.

But give this a try:

index=yourindexname | stats count by UserAccount Time/Occurences

Or you can also try: | chart count by UserAccount over Time/Occurences

Thanks

0 Karma

afez89
New Member

Hi @PowerPacked, it states no result found for the first and second ones you proposed.

0 Karma

PowerPacked
Builder

If your UserAccount & Time/Occurences fields are extracted, it should work.

Also, field names should not contain spaces; in the above question there is a space in the field User Account, so check that.

Thanks

0 Karma
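An added example, not part of the original thread and not posted by any participant: one way to get the layout asked for in the question, with one row per account, a multivalue column listing every occurrence time, and the count. The first four lines only construct sample events matching the table in the question; `n`, `OccurrenceTime` and the sample values are assumptions made for illustration, and the multivalue layout puts the count on the account's single row rather than on its last date.

```spl
| makeresults count=5
| streamstats count as n
| eval UserAccount=if(n<=3, "A", "B")
| eval OccurrenceTime=case(n==1, "2018/5/5", n==2, "2018/4/4", n==3, "2018/3/3", n==4, "2018/1/1", n==5, "2018/2/2")
| stats list(OccurrenceTime) as "Time/Occurences" count as Count by UserAccount
| rename UserAccount as "User Account"
```

Against real data, replace the first four lines with the base search and the extracted field names. If an extracted name contains a space or a slash, wrap it in double quotes in `rename` (for example `rename "User Account" as UserAccount`) before the `stats` line.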