I'm fairly new to Splunk search strings so hopefully someone can help. I'm trying to create a three column search:
1. Users (top 10 by the sum of the URL hits)
2. URL (top 10 by hits)
3. Hit count for each of the top 10 URLs
Here is where I'm at with the search string:
index="websense_events" category_name="*" sourcetype=websense_incoming user_login_name="*" ou_name="*OU=*" | top limit=10 tld by user_login_name | sort -count | fields - percent | head 10
I can't seem to figure out how to get more than one URL and hit count to appear in the output. Can anyone help?