Solved: How to sum the count of three users?

reschal · ‎10-27-2017

Hi,

in my scenario i have a lot of users for example: user1, user2, user3... and i want to count their logins to a server and create a pie chart. I have the problem that there are some users which have the same name but a different notation for example user1, USER1 and USer1. How can i sum the counts of these 3, allocate it to user1 and create the pie chart?

Thx for your help!

kamlesh_vaghela · ‎10-27-2017

Hi reschal,

you can lower the user names.

Can you please try this?

YOUR_SEARCH | eval user_field =lower(user_field) | stats count by user_field

just add extra eval before stats command.

thanks

View solution in original post

kamlesh_vaghela · ‎10-27-2017

Hi reschal,

you can lower the user names.

Can you please try this?

YOUR_SEARCH | eval user_field =lower(user_field) | stats count by user_field

just add extra eval before stats command.

thanks

reschal · ‎10-27-2017

Thanks, it works 🙂

kamlesh_vaghela · ‎10-27-2017

Hi
Can you please accept this question to mark as close?

How to sum the count of three users?

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you a member of the Splunk Community?

How to sum the count of three users?

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar