Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Visualization of the count of users' event counts

brajaram
Communicator
‎11-03-2017 09:07 AM

This is probably a simple answer, but I'm pretty new to splunk and my googling hasn't led me to an answer. So I'm trying to write a query that looks like this:

index=<> sourcetype=<> | stats count by uid

A simple query, just get the number of events per UID(User ID). What I want to display, however, is a visualization of the counts per user ID. For example, if I have 5 user IDs that have 5 events, 6 user IDs that have 6 events, and 7 user IDs that have 3 events, I want a graph that displays 3 columns, with the X-axis being the specific values(3 events, 5 events, 6 events), and the Y value being the corresponding counts of users that fit within those counts(7, 5, 6 specifically).

Its probably a very simple solution, but I can't seem to find an answer, so I'm hoping to find it here. Thanks!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎11-03-2017 09:15 AM

Try this

index=<> sourcetype=<> | stats count as EventCount by uid | stats count as UserCount by EventCount

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎11-03-2017 09:15 AM

Try this

index=<> sourcetype=<> | stats count as EventCount by uid | stats count as UserCount by EventCount
Reply
Solved! Jump to solution

brajaram
Communicator
‎11-03-2017 09:21 AM

Thanks for the quick response! I was trying things in that vein but couldn't get it to work, but your solution worked perfectly.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...