Solved: Query to find events with more than 2 values for a...

john_byun · ‎02-01-2021

I'm trying to create a query to show me all users who have purchased more than 1 type of product.

Each event has a "user" field and a "product" field. I only want to see the users that have purchased more than 1 type of product.

"| stats count by user product"

This shows me all user and product combinations, but don't know how to filter all events where a user only purchased one type of product.

I feel that it should be a very simple query, but can't seem to figure it out.

scelikok · ‎02-01-2021

Please try below;

| stats dc(product) as count by user
| where count>1

If this reply helps you an upvote and "Accept as Solution" is appreciated.

scelikok · ‎02-01-2021

Please try below;

| stats dc(product) as count by user
| where count>1

If this reply helps you an upvote and "Accept as Solution" is appreciated.

john_byun · ‎02-01-2021

Perfect! Thanks for your help.

Query to find events with more than 2 values for a specific field compared to another field