Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

Visualization of the count of users' event counts

brajaram
Communicator
‎11-03-2017 09:07 AM

This is probably a simple answer, but I'm pretty new to splunk and my googling hasn't led me to an answer. So I'm trying to write a query that looks like this:

index=<> sourcetype=<> | stats count by uid

A simple query, just get the number of events per UID(User ID). What I want to display, however, is a visualization of the counts per user ID. For example, if I have 5 user IDs that have 5 events, 6 user IDs that have 6 events, and 7 user IDs that have 3 events, I want a graph that displays 3 columns, with the X-axis being the specific values(3 events, 5 events, 6 events), and the Y value being the corresponding counts of users that fit within those counts(7, 5, 6 specifically).

Its probably a very simple solution, but I can't seem to find an answer, so I'm hoping to find it here. Thanks!

0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution
Solution

Re: Visualization of the count of users' event counts

somesoni2
SplunkTrust
SplunkTrust
‎11-03-2017 09:15 AM

Try this

index=<> sourcetype=<> | stats count as EventCount by uid | stats count as UserCount by EventCount

View solution in original post

Reply
Highlighted
Solved! Jump to solution

Re: Visualization of the count of users' event counts

brajaram
Communicator
‎11-03-2017 09:21 AM

Thanks for the quick response! I was trying things in that vein but couldn't get it to work, but your solution worked perfectly.

0 Karma
Reply