Sorry, I am new to Splunk and wondering if I can have a report that gives results in a table as below.
Data as:
index=api serviceName=find userId=7878
index=api serviceName=find userId=7877
index=api serviceName=find userId=7878
index=api serviceName=person userId=7878
Result should be like:
a) Table A: serviceName, count of (unique userIds)
b) Also, if it's possible, to have the result of table A for 1 day, 7 days, 30 days
Please provide the queries also.