I have 3 Ticket groups A, B, and C. And multiple users. My system logs every ticket purchased under each ticket group by each user as below. Every ticket purchase will have the below entry and exit log and user name in between.

Entry Ticket system TicketgrpA ticketnbr = 1232424
SalesUser = user1
Exit Ticket system TicketgrpA ticketnbr = 1232424

Entry Ticket system TicketgrpB ticketnbr = 1234353
SalesUser = user1
ExitTicket system TicketgrpB ticketnbr = 1234353

Entry Ticket system TicketgrpC ticketnbr = 1232434
SalesUser = user4
Exit Ticket system TicketgrpC ticketnbr = 1232434

I would like to show in a graph - Number of tickets purchased by each user under each group.
Y axis - Count
X axis - Users grouped by ticketGrp

TKTSYS* will fetch all the event logs - entry, exit and Sales User. I used below query and it is showing under statistics as below but not showing ticketgrp in the graph. counts are showing combined for all ticketgroups for each user. I want to display them so that each ticket group count is shown grouped for each user.

SalesUser ticketgrp Count
user1         A       1
user2         B       2

index=jra_app_events sourcetype=eventing appVersion=TKTSYS  TKTSYS* | transaction startswith="Entry Ticket system " endswith="Exit Ticket system" | eval ticketgrp=case(like(_raw, "%TicketgrpA%"), "A", like(_raw, "%TicketgrpB%"), "B", like(_raw, "%TicketgrpC%"), "C") | stats count by SalesUser, ticketgrp

Any help would highly appreciated. Thanks.