This issue comes from the error logs of a login service. When a user scans their badge and attempts to log in with an invalid alias the resulting service exception will contain the following example text: "Unable to lookup personnel with barcode: 554067 and orgId: 1217864."
I've created a report to extract these events, it's a simple search containing "| rex field=_raw "barcode: (?< Alias>.) and orgId: (?< OrgID>.).""
This will generate the fields "Alias" and "OrgID." Valid aliases should be a 6 digit number. However, due to users scanning the wrong barcode, we see values of Alias like AC000000000000, NE000000 or sometimes a 6 letter alpha string. Is there any way for me to represent the count/percentage of invalid values of Alias? Ideally I'd want to create a graphical representation of this with a Pie Chart.