How to generate a search to plot a scatter chart?

How would one write out their **grouping and reporting commands** to **plot a scatter chart** for the following sample results? [01/May/2015:20:39:49 -0400] conn=2693355 op=9521 msgId=9522 - SRCH base="msfwid=0079960602,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9522 msgId=9523 - SRCH base="msfwid=007994118,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9523 msgId=9524 - SRCH base="msfwid=007998642,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9524 msgId=9525 - SRCH base="msfwid=007996783,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9525 msgId=9526 - SRCH base="msfwid=007996727,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9526 msgId=9527 - SRCH base="msfwid=007991139,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9527 msgId=9528 - SRCH base="msfwid=007993268,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" [01/May/2015:20:39:49 -0400] conn=2693355 op=9528 msgId=9529 - SRCH base="msfwid=0079964351,ou=people,o=acme acme" scope=0 filter="(objectclass=*)" attrs="uid" I want to do a count of all search actions by DN over _time. The DN value has already been extracted as a DN field which is equal to `msfwid=0079964351,ou=people,o=acme acme`. _time as you might already know is an internal field.