Solved: How to sum the count of three users?

reschal · ‎10-27-2017

Hi,

in my scenario i have a lot of users for example: user1, user2, user3... and i want to count their logins to a server and create a pie chart. I have the problem that there are some users which have the same name but a different notation for example user1, USER1 and USer1. How can i sum the counts of these 3, allocate it to user1 and create the pie chart?

Thx for your help!

kamlesh_vaghela · ‎10-27-2017

Hi reschal,

you can lower the user names.

Can you please try this?

YOUR_SEARCH | eval user_field =lower(user_field) | stats count by user_field

just add extra eval before stats command.

thanks

View solution in original post

kamlesh_vaghela · ‎10-27-2017

Hi reschal,

you can lower the user names.

Can you please try this?

YOUR_SEARCH | eval user_field =lower(user_field) | stats count by user_field

just add extra eval before stats command.

thanks

reschal · ‎10-27-2017

Thanks, it works 🙂

kamlesh_vaghela · ‎10-27-2017

Hi
Can you please accept this question to mark as close?

How to sum the count of three users?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk