Hello everyone,

I am a newbie so please dont hurt me! 🙂 However, I need to get a report using trending (30 days) on email per usernames..

index=msexchange Username="*" | timechart partial=f fixedrange=f limit=0 span=30d sum(count) by Username

It does not work.. Can some one assist me on Splunk?

Thanks