Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Display Search result of accounts by count of user time and show time date of occurrences

afez89
New Member
‎07-22-2018 08:05 PM

Hi I would like to display my result in this manner

|User Account | Time/Occurences | Count |
| A | 2018/5/5 | |
| | 2018/4/4 | |
| | 2018/3/3 | 3 |
| B | 2018/1/1 | |

| | 2018/2/2 | 2 |

Sorry the | represent columns, space are removed so the result does not look like an excel table which i intend to make
User Account and time occurences field already extracted
Please help provide syntax to display results as such

Given that search: XXXXXXX

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎07-23-2018 10:40 AM

What's your current search?

0 Karma
Reply

PowerPacked
Builder
‎07-22-2018 08:47 PM

Hi @afez89

Am not sure, if i understood your question correctly

But give this a try

index=yourindexname | stats count by UserAccount Time/Occurences

or can also try -- | chart count by UserAccount over Time/Occurences

Thanks

0 Karma
Reply

afez89
New Member
‎07-22-2018 09:07 PM

Hi @powerPacked, It stats no Result found for the first and second one u proposed

0 Karma
Reply

PowerPacked
Builder
‎07-23-2018 09:35 AM

if your UserAccount & Time/Occurences fields are extracted, it should work.

& feild names should not contain spaces, in the above question there is space in field
User Account, check with it.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...