I want to make a linechart of users in a division logged in throughout the day, but I can't make the tstat search work with linechart. The count works fine but I want to group the users by 30 minutes.

A typical users are:
COMPANY\HR94832
COMPANY\AC49328

So I have to filter the user with "COMPANY\HR*.
| tstats summariesonly=true allow_old_summaries=true
dc(Session_SessionDetail.SessionUser) as Users
from datamodel=uberAgent.Session_SessionDetail
where Session_SessionDetail.SessionUser = "COMPANY\HR*" by _time