Hello,
I have a problem.
This is my request; it works well.
index=wineventlog EventID=4624 host=wipr625a OR host=wipr625b OR host=wipr626a OR host=wipr626b user!="DWM*"
| stats count as "nombre de connexions" by user, host, name
I would like to include the date in my results, and this is how I modified my request. Only with that request, my results are wrong. Did I forget something?
index=wineventlog EventID=4624 host=wipr625a OR host=wipr625b OR host=wipr626a OR host=wipr626b user!="DWM*"
| eval date=strftime(_time, "%d/%m/%Y %H:%M")
| stats count as "nombre de connexions" by user, date, host, name
Thanks!
The search statement is correct. Please tell us specifically about the problem.
Is the problem that the number of results is different?
Did you check the displayed error?
https://answers.splunk.com/answers/506621/unknown-error-for-peer-xxx-search-results-might-be.html
How about the following search statement?
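index=wineventlog EventID=4624 host=wipr625a OR host=wipr625b OR host=wipr626a OR host=wipr626b user!="DWM*"
| bin span=1m _time
| stats count as "nombre de connexions" by user, _time, host, name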