Hi,

issue is in writing correct a query

Example:

Let's assume I have 2 groups such as :

 Group                User                    Application         bandwidth

================================================================

1)Group 1 :

             user 1 : 
                            App1 :                 25Mbs
                            App2 :             15Mbs

            user 2:
                            App1 :             25Mbs
                            App2 :             10Mbs

            user 3:
                            App1 :          20Mbs
                            App2 :          5Mbs

Total Group 1 usage : 100 Mb (Appl1: 70 Mbs, Appl2: 30 Mbs)

2)Group 2 :
user 4,

user 5,
user 6

similarly i have Group2, Group3 .......

Here, Group1 has 3 users( user1 , user2, user2) and
user1 usage 40 MB (for App1:25MB and App2:15MB) ,
user2 usage 35 MB (APP1 :25MB and App2:10MB)
User3 usage 25MB(APP1:20MB and APP2:5MB).

I want to display in Group usage per user information and total usage group1 , group2 ..
write Query :

| dedup user_id | sort department,user_id
| stats list("User") as user,list("Application") as Application,list("bandwidth") as Bandwidth_used by Group
| streamstats count as serialno
| appendpipe [|stats max(serialno) sum(bandwidth) as Bandwidth_used by department
| eval Group=Group." Total"] | sort serialno | fields - serialno

issue : how to modify above query..
1: unable to get total bandwidth for each Group1 , group2 .... here Total is showing 1,2,3,4...
how to show the top 10 applications being used by each user.

2: The values of usage per group total shall be shown at the top of the page instead of the end. .