This splunk query will return the total number of unique users in a given time range.

sourcetype=linux_secure | rex "\suser[^'](?<User>\S+\w+)" | stats dc(User)