Hello Richgalloway,
The log looks like the following:
Time Event
10/1/18 CALL_TimeStamp="2018-10-01T20:27:23.994Z-IH" ID="TEST"
8:27:24.017 PM UserID="EMP01"
Starting RESTful Servoce (1811P0):
QueryMode : Standard
Query Operation : QUERY
field1, field2, field3, field4, field5, field6, field7, field8, field9, field10 FROM Emplpyee
WHERE last_modified_on >= to_datetime('2018-10-01T14:17:20Z')
In the above Splunk log, there are two timestamps and a "UserID":
1. CALL_Timestamp
2. last_modified_on
I would like to get the total number of users (UserID) who queried the data for more than 6 months (by calculating the aforementioned timestamps). I am pretty new to Splunk and would like to learn more. I am looking forward to hearing from you.
Regards,
Preetha