Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

query to get top 10 users

splunkuseradmin
Path Finder
‎03-20-2019 11:43 AM

Hello everybody,

I am getting data in "index=test", I am trying to get top 10 Calling userid's with there call count.
device_type="device1" so far i have

thanks

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎03-21-2019 06:23 PM

@splunkuseradmin ,

Try

index="collab_uc_cdr" NOT INTEGER NOT globalCallID_callId 
( sourcetype=cisco_cdr OR sourcetype=cisco_cdr-* OR sourcetype=cucm_cdr ) ( globalCallId_ClusterID=AMR-Corp-CCM11XX OR globalCallId_ClusterID=AMR-Corp-CCM12XX OR globalCallId_ClusterID=AMR-Corp-CCM13XX OR globalCallId_ClusterID=AMR-Corp-CCM14XX OR globalCallId_ClusterID=AMR-Corp-CCM15XX ) duration>0   device_type="Jabber" eventtype="outgoing_call" 
|stats count by globalCallId_ClusterID,callingPartyUnicodeLoginUserID 
|sort - count |head 10
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...