Splunk Search

How do you get a count on the latest status of Jira tickets?

cpboothe
New Member

Hi,

I want to get a count on tickets with the latest status of "In Progress". An example of the data set is below:

alt text

In this example data set, I should be getting a count of 1 ticket in "in Progress". I have tried a number of functions and reviewed the forum on similar questions, but I can't get the search working.

Any help would be greatly appreciated.

Thanks,

Craig

Tags (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

It would help if you shared your current search. However, dedup should help solve the problem. It selects the most recent entry when it finds more than one with the same value so the earlier instance of RT-3 won't be seen.

 index=foo ticket_number=* status=* last_updated_date_time=* | dedup ticket_number| search status="In Progress" | stats count
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

It would help if you shared your current search. However, dedup should help solve the problem. It selects the most recent entry when it finds more than one with the same value so the earlier instance of RT-3 won't be seen.

 index=foo ticket_number=* status=* last_updated_date_time=* | dedup ticket_number| search status="In Progress" | stats count
---
If this reply helps you, Karma would be appreciated.
0 Karma

cpboothe
New Member

seems to be working. thank you for your help. Appreciated

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...