Hello,
I have user data which is ingesting every week on Saturday in to Splunk.
I have 3000 Events on 5th Oct and 3150 Events on 12th Oct. i.e, 150 new users created in last one week.
And I have the fields called login_name and User_type.
I want to create a report showing new login_name by comparing 2 weeks of data. which is not in Splunk on 5th Oct and which is on 12th Oct.
Please do help me with the query.
Thanks in Advance.
↧