SPL
Splunk Query Count by users
Description
0 0
index=_audit search=* NOT (search_id='scheduler* OR search_id='Summary*) user=admin | timechart span=1d count by user usenull=f
GoSplunk SPL + dashboard repository
SPL
index=_audit search=* NOT (search_id='scheduler* OR search_id='Summary*) user=admin | timechart span=1d count by user usenull=f
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.