I have a list of top 10 users that failed to login to a site and I want to take the events related to those top ten users and get a read out of:
Time of first event
Time of last event
Total number of events

This would be relating to each user in that top ten list. Here is an example of what it would look like on paper:
---user_email--------------Start--------------------------------Stop----------------------------------Total
1. bob@bob.com---------02/28/17 - 01:16:19:PM-------09/22/17 - 10:36:51:AM---------35
2. smith@smith.com-----04/1/17 - 05:32:15:PM --------06/26/17 - 11:22:06:PM---------7

Here is what I have so far, really I am just missing how I can get the total number of events per user column:
index="test" Event_ID="123456" [search index="test"Event_ID="123456" | top limit=10 user_email | table user_email]
| stats earliest(_time) as start, latest(_time) as stop by user_email
| eval start=strftime(start, "%m/%d/%y - %I:%M:%S:%p")
| eval stop=strftime(stop, "%m/%d/%y - %I:%M:%S:%p")