See who is using Splunk by user, app and view

##########
Admin Notes

This query is a modified version of one submitted by tokenwander here: https://gosplunk.com/whos-using-splunk/
##########

index=_internal sourcetype="splunk_web_access" method="GET" status="200" user!=-
| stats count latest(_time) as ViewTime by user app view
| sort -count
| eventstats sum(count) as countByApp list(view) as view list(count) as count list(ViewTime) as ViewTime by user app
| convert timeformat="%a %m/%d/%Y %I:%M:%S %p" ctime(ViewTime)
| dedup user app
| appendpipe [stats sum(count) as count by user | eval view = "Total Views"]
| sort + user -countByApp