Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my search to create a table with the distinct count of users by domain?

DEAD_BEEF
Builder
‎01-20-2016 12:44 PM

I am trying to create a table that shows the number of distinct users that have logged into a machine. I am having problems getting the domain to appear next to the distinct user count.

Current search& output
index=logs event=logon | dc(username) AS UserCount

UserCount
106

DESIRED Output

Domain            UserCount
GUEST                 20
INTERNAL              72
EXTERNAL              4
WIRELESS              10

I tried various permutations of stats count by, table, and sum, but I just can't seem to figure it out.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

s2_splunk
Splunk Employee
Splunk Employee
‎01-20-2016 12:49 PM

Does index=logs event=logon | stats dc(username) AS UserCount by Domain not give you what you want?

View solution in original post

Reply
Solved! Jump to solution
Solution

s2_splunk
Splunk Employee
Splunk Employee
‎01-20-2016 12:49 PM

Does index=logs event=logon | stats dc(username) AS UserCount by Domain not give you what you want?

Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎01-20-2016 12:56 PM

Yea... that's exactly what I needed. Can't believe I overlooked something so simple, I was waaaay over-thinking it. Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...