Have you tried building a custom view with a table element. For the table select event query, then count. On the filters page, simply filter it for the signature ID of the event you want to see.
Thanks for response. .Simply filtering signature ID to show hit count gives count of all sites (good and bad site).
We want to see hit count only for URL which are in 'bad_url_list' watchlist.
Sure, I get it now. If you have an ACE (or one of the VM correlation engines) you can write a correlation rule where signature ID = something && URL in bad_url watchlist. Set it to trigger on a single positive hit. Then run your custom view against the correlation's signature ID with a count element.
These are ALL virus/scam sites
You will need to ensure the data is parsed to an indexed field for the URL, then setup a view for the bar graph, and (field summary) where field is the field you are parsing the data to. That will give you a count of events by field summary. URL by default is not an indexed field, and in order to make it work, you will need to modify the parser to parse the data into another field you create that is not using a custom field already in use, and then use your view to do a summary by the field you created.
It is not an easy task, and probably will take 2-3 hours to do, but the reward is worth it.
"For test URL ,I'm able to see test site when searched in URL on SIEM but 'view' is failing to show # of hits."
Go to your Dashboard and do the following:
Select 'Edit Dashboard/View' --> Highlight "Events Module" --> Select 'Edit' --> Add "Event Count"
Hope that helps.. you should just need to add the event count as one of the fields displayed in your events module of the dashboard.