yjaaidi/splunk-most-request-resource-by-user

## splunk-most-request-resource-by-user
stats count by user fqdn
| eventstats sum(count) as count_by_user by user
| eval percent=count/count_by_user
| table user, fqdn, percent, count, count_by_user
| sort - percent
| search count_by_user > 100
	stats count by user fqdn
	\| eventstats sum(count) as count_by_user by user
	\| eval percent=count/count_by_user
	\| table user, fqdn, percent, count, count_by_user
	\| sort - percent
	\| search count_by_user > 100