Does anyone know how to set up a stats table for the _audit with all data in that index? Mainly listing all the data in the index that contain searched data or even a sample of searches you performed. Please help.
If you want to know who ran what searches, and how many times, you could start with something like this:
index=_audit user=* action=search search=* sourcetype=audittrail | stats count(user) by search, user
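A fuller version of the same idea, added here as an example and not part of the original answer: it keeps only completed searches, leaves out the internal splunk-system-user account, and shows run count, first and last run time and average runtime per user and search string. It relies on the standard audittrail fields info and total_run_time being present on your search events.

```spl
index=_audit sourcetype=audittrail action=search info=completed user=* search=*
    user!="splunk-system-user"
| eval search=trim(search, "'")
| stats count AS runs
        min(_time) AS first_run
        max(_time) AS last_run
        avg(total_run_time) AS avg_runtime_s
        BY user, search
| eval avg_runtime_s=round(avg_runtime_s, 2)
| convert ctime(first_run) ctime(last_run)
| sort - runs
```

Set the time range picker to the period you want to review; to see a sample of your own searches only, replace user=* with your user name.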