Hi Splunker,
I have logs which have
Defect ID, Actual Fix Time Taken, Detected By, Priority.
I would like to calculate the maximum value of Actual Fix Time Taken for each Priority, and at the same time I would like to see the Defect ID as well.
My output should look like this:
Priority   Defect ID   Detected by   Maximum Actual Fix time(In days)
P1         1234        x             2
P2         767         Y             5
P3         122         z             20
P4         3526        T             67
Note: Actual Fix Time means the time taken to fix the defect, and here I would like to know the Defect ID for which the maximum time was taken to close the defect, for each priority.
I tried using the query below:
source="Jcaps_Logs.csv" index="jcaps" sourcetype="csv"
| fillnull value=NULL "Actual Fix Time"
| search "Actual Fix Time"!=NULL
| stats max("Actual Fix Time") as maxy by "Priority","Defect ID"
Thanks in advance
Try like this
source="Jcaps_Logs.csv" index="jcaps" sourcetype="csv"
| fillnull value=-1 "Actual Fix Time"
| sort 0 Priority -"Actual Fix Time"
| dedup Priority
| table Priority "Defect ID" "Detected By" "Actual Fix Time"
| eval "Actual Fix Time"=if('Actual Fix Time'=-1,"NULL",'Actual Fix Time')
| rename "Actual Fix Time" as "Maximum Actual Fix time(In days)"
Many thanks somesoni2
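A variation on the answer above, added here as an example and not part of the original thread: `dedup Priority` keeps a single row per priority, so defects tied for the maximum are dropped, while `eventstats` keeps every tied defect. The rows fed in through `makeresults` are constructed sample data, and `row`, `f`, `fix_days` and `max_fix_days` are hypothetical helper field names.

```spl
| makeresults
| eval row=split("P1,1234,x,2;P1,1300,w,2;P1,1301,v,1;P2,767,Y,5;P2,800,q,;P3,122,z,20;P4,3526,T,67", ";")
| mvexpand row
| eval f=split(row, ","), Priority=mvindex(f,0), "Defect ID"=mvindex(f,1), "Detected By"=mvindex(f,2), "Actual Fix Time"=mvindex(f,3)
| eval fix_days=tonumber('Actual Fix Time')
| where isnotnull(fix_days)
| eventstats max(fix_days) as max_fix_days by Priority
| where fix_days=max_fix_days
| sort 0 Priority "Defect ID"
| table Priority "Defect ID" "Detected By" fix_days
| rename fix_days as "Maximum Actual Fix time(In days)"
```

To run it against the real data, replace the first four lines with the `source="Jcaps_Logs.csv" index="jcaps" sourcetype="csv"` base search from the question.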