All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to report by time stamp and fields

gancw1
Explorer
‎11-21-2013 04:21 PM

Hi, I am new to splunk.
I would like to generate a report that just list all records which certain criteria e.g. status='success' and list the time stamp and 'userid' field.

Time                          Userid
1 7/10/13 12:00:00.000 AM     daveq 
2 7/11/13 12:00:00.000 AM     julesx
3 7/12/13 12:00:00.000 AM     janeo
....
....
Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎11-21-2013 05:55 PM 
status=success | table _time userid
0 Karma
Reply

pradeepkumarg
Influencer
‎11-21-2013 05:11 PM

index=my_index status=success | stats count by _time, Userid | fields _time, Userid

Reply

lukejadamec
Super Champion
‎11-21-2013 05:15 PM

If you all events, then don't dedup userID and table it:
index=my_index status=success | table _time,userID

0 Karma
Reply

lukejadamec
Super Champion
‎11-21-2013 05:13 PM

If you don't want a count, then dedup userID and table it:

index=my_index status=success | dedup userID | table _time,userID

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...