Solved: Distinct Count combined with List

jacqu3sy · ‎01-15-2020

Is it possible to take a distinct count of something, then list this by an additional value by day?

something like the following but tweaked to display the count of events, by urgency on specific days;

notable
| bucket _time span=1d
| stats dc(event_id) by urgency, _time

The goal being a table that looks like the following;

Monday Medium, 5
High, 7
Tuesday Low, 6
Medium, 10
High, 20
etc etc

Thanks.

to4kawa · ‎01-15-2020

notable
| bucket _time span=1d
| chart dc(event_id) by date_wday urgency
| table date_wday, High, Medium, Low

Hi, @jacqu3sy
Please use chart.
Finally, the order of the columns must be aligned.

to4kawa · ‎01-15-2020

notable
| bucket _time span=1d
| chart dc(event_id) by date_wday urgency
| table date_wday, High, Medium, Low

Hi, @jacqu3sy
Please use chart.
Finally, the order of the columns must be aligned.

jacqu3sy · ‎01-16-2020

great stuff. Many thanks.

TISKAR · ‎01-15-2020

Hi @jacqu3sy:

can you try this please:

notable
| bucket _time span=1d
| stats dc(event_id) by date_wday, urgency

jacqu3sy · ‎01-15-2020

Kinda, but I want to list the results for each day within it's own row, if that makes sense.

So that is display better, in a table with a row for Monday, then alongside it listed the count by urgency.

Distinct Count combined with List