Splunk Query Count by users

_internal
databeastmaster
You already voted!

index=_audit search=* NOT (search_id='scheduler* OR search_id='Summary*) user=admin | timechart span=1d count by user usenull=f

Share This:

Tagged: _audit

Newest | Active

SplunkNinja

Active 2 days, 8 hours ago
jayzao

Active 2 weeks, 2 days ago
taskmasterpeace

Active 3 weeks, 5 days ago
erle.spencer

Active 3 weeks, 6 days ago
dnedim

Active 3 weeks, 6 days ago