Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Display Search result of accounts by count of user time and show time date of occurrences

afez89
New Member
‎07-22-2018 08:05 PM

Hi I would like to display my result in this manner

|User Account | Time/Occurences | Count |
| A | 2018/5/5 | |
| | 2018/4/4 | |
| | 2018/3/3 | 3 |
| B | 2018/1/1 | |

| | 2018/2/2 | 2 |

Sorry the | represent columns, space are removed so the result does not look like an excel table which i intend to make
User Account and time occurences field already extracted
Please help provide syntax to display results as such

Given that search: XXXXXXX

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎07-23-2018 10:40 AM

What's your current search?

0 Karma
Reply

PowerPacked
Builder
‎07-22-2018 08:47 PM

Hi @afez89

Am not sure, if i understood your question correctly

But give this a try

index=yourindexname | stats count by UserAccount Time/Occurences

or can also try -- | chart count by UserAccount over Time/Occurences

Thanks

0 Karma
Reply

afez89
New Member
‎07-22-2018 09:07 PM

Hi @powerPacked, It stats no Result found for the first and second one u proposed

0 Karma
Reply

PowerPacked
Builder
‎07-23-2018 09:35 AM

if your UserAccount & Time/Occurences fields are extracted, it should work.

& feild names should not contain spaces, in the above question there is space in field
User Account, check with it.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...