I have a use case to write a splunk query to display in a line or area chart the unique and initial AWS access key usage by IAM users in our org trending for the past year. Management want to be able to visually show increased cloud adoption numbers over time. Any ideas on how to display this? I feel like I'm almost there with stats but not quite.
index=blah sourcetype=blah user_type=SAMLuser | stats earliest(eventTime) by userIdentity.userName
This almost gets me there, but it won't depict the stats in a pretty line chart.
Thanks!
... View more