I have a search like this:
My Search|chart count(data.url) as SongsPlayed over userEmail
It gives me a list of users and the number of songs they listen to for a time.
I would like a chart that breaks down the users in groups, like those who listen between 0-10, the up to 20, 30 etc.
How do I do that in Splunk?
Hi, thank you, it is getting closer but it is still not working.
When I enter this:
|stats count(data.url) as SongsPlayed BY userEmail
| bin SongsPlayed span=10
I see results, emails with the bucket where they belong
But, when I put the whole thing as you suggested,
I get nothing, no results!
Thank you that works, but it is giving me users per 10 seconds, I think?
I want to count number of users, and the number of songs they play.
My basic query gives me the user email and the number of songs they listen to.
What I want is to group those users in buckets, of those who listen between 0 and 10, those who listen to etc.
So for example, it would be a bar graph for each bucket of songs.
10 users play 0-10 songs
34 users play 11-20 songs