how to dedup "Owner group" without disturbing othe...

krishna1 · ‎11-08-2023

gcusello · ‎11-08-2023

what's your search (please in text not screenshot)?

what do you would have as result?

Ciao.

Giuseppe

krishna1 · ‎11-09-2023

| eval time_period= "01-Nov-23"

| eval time_period_epoc=strptime(time_period,"%d-%b-%y")
|where epoc_time_submitted <= time_period_epoc
|join max=0 type=left current_ticket_state [|inputlookup monthly_status_state_mapping.csv|rename Status as current_ticket_state "Ageing Lookup" as state|table current_ticket_state state]
|eval age= Final_TAT_days
|eval total_age=round(age,2)
|rangemap field=total_age "0-10days"=0-11 "11-20 Days"=11.01-20.00 "21-30 Days"=20.01-30 "31-40 Days"=30.01-40 "41-50 Days"=40.01-50 "51-60 Days"=50.01-60 "61-70 Days"=60.01-70 "71-80 Days"=70.01-80 "81-90 Days"=80.01-90 "91-100 Days"=90.01-100 ">100 Days"=100.01-1000

| stats count by work_queue state range
| eval combined=work_queue."|".state
| chart max(count) by combined range
| eval work_queue=mvindex(split(combined,"|"),0)
| eval state=mvindex(split(combined,"|"),1)
| fields - combined


|table work_queue state "11-20 Days" "21-30 Days" "31-40 Days" "41-50 Days" "51-60 Days" "61-70 Days" "71-80 Days" "81-90 Days" "91-100 Days" ">100 Days" |rename work_queue as "Owner Group" | fillnull value=0 |addtotals

how to dedup "Owner group" without disturbing other fields in table

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!