Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Report generation without using count

garima_chauhan
Path Finder
‎02-14-2014 12:46 AM

Hi,

I have a search which displays the last login made by a user on several hosts. I want to generate a report on this search but don't want to use count as the parameter. I am able to create the report by using count but it is meaningless to include count here. I have tried

| xyseries User Host LastLoginTime

but it also does not give me the desired output in the form of a graph. I want to display the User,Host and LastLogintime in the report.

How can I make the report meaningful without using count? I want the report to be a graph.
Please suggest.

Tags (2)
0 Karma
Reply

gfuente
Motivator
‎02-14-2014 01:05 AM

You can use the count search and then use 

yoursearch| fields - count

regards

0 Karma
Reply

garima_chauhan
Path Finder
‎02-14-2014 01:10 AM

Hi,
removing count from search is not the problem. I am able to do that by using | table User Host LastLoginTime. My problem is that I want the report(graph) based on time without count being displayed in that.
Right now, when I generate a report on the search, it gives me user on one axis and count on another and the chart is blank since I have not used it with table.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Mile High Learning with Splunk University, Denver, Colorado

If Denver is known for its mile-high elevation, Splunk University is about to raise the bar on technical ...

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...