Splunk Search

query to get top 10 users

splunkuseradmin
Path Finder

Hello everybody,

I am getting data in "index=test", I am trying to get top 10 Calling userid's with there call count.
device_type="device1" so far i have

thanks

Tags (1)
0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@splunkuseradmin ,

Try

index="collab_uc_cdr" NOT INTEGER NOT globalCallID_callId 
( sourcetype=cisco_cdr OR sourcetype=cisco_cdr-* OR sourcetype=cucm_cdr ) ( globalCallId_ClusterID=AMR-Corp-CCM11XX OR globalCallId_ClusterID=AMR-Corp-CCM12XX OR globalCallId_ClusterID=AMR-Corp-CCM13XX OR globalCallId_ClusterID=AMR-Corp-CCM14XX OR globalCallId_ClusterID=AMR-Corp-CCM15XX ) duration>0   device_type="Jabber" eventtype="outgoing_call" 
|stats count by globalCallId_ClusterID,callingPartyUnicodeLoginUserID 
|sort - count |head 10
Happy Splunking!
0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...