Solved: Re: Build Chart (Score Sheet) that shows all assig...

troyward · ‎10-21-2017

So I have score information for a variety of challenges completed by a number of people. I want to build a chart showing their score information for each challenge individually. Building the chart is easy enough, my problem is that if they haven't completed the challenge (i.e. no score) then the challenge won't show up at all. I have a lookup table with a complete list of the challenges. Is there a way to force all challenges (even the ones without the scores) to show up or to generate or 0 score if the assignment isn't there?

Thanks,

Troy

cmerriman · ‎10-21-2017

I would maybe use append with the lookup of all challenges.

Something like

...|stats count as completed_challenges by challenge contestant
 |append [|inputlookup challenges.csv]
 |fillnull completed_challenges value=0
 |stats sum(completed_challenges) as completed_challenges by challenge contestant

View solution in original post

cmerriman · ‎10-21-2017

I would maybe use append with the lookup of all challenges.

Something like

...|stats count as completed_challenges by challenge contestant
 |append [|inputlookup challenges.csv]
 |fillnull completed_challenges value=0
 |stats sum(completed_challenges) as completed_challenges by challenge contestant

Build Chart (Score Sheet) that shows all assignments (even missing)

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

Build Chart (Score Sheet) that shows all assignments (even missing)

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR