generate a graph where the x -axis represent numbe...

wessam · ‎06-13-2017

Hello all ,

I need your help as i have list of tickets called "Tickets" and i would like to generate a graph where the x -axis represent number of times the ticket was assigned and Y-axis represent number of tickets
for Ex :
Tickets
AB111
AB111
AB122
AB910
AB122

so i would like to get the below results

Number of times Tickets_numbers
1 1
2 2
3 0

which illustrate that only one ticket was assigned one time however we had 2 tickets that was assigned two times and no tickets was assigned three times

Thanks

cmerriman · ‎06-13-2017

this gave me similar results:

|makeresults|eval ticketId="AB111,AB111,AB122,AB910,AB122"|makemv ticketId delim=","|mvexpand ticketId|eventstats count by ticketId|stats dc(ticketId) by count

so try something like:

|eventstats count as NumTimes by ticketId|stats dc(ticketId) as Ticket_Numbers by NumTimes

somesoni2 · ‎06-13-2017

Or this (will be efficient than using eventstats)

your base search | stats count by NumTimes by ticketId | stats count as Ticket_Numbers by NumTimes

cmerriman · ‎06-13-2017

edit:

|stats count as NumTimes by ticketId|stats count as Ticket_Numbers by NumTimes

generate a graph where the x -axis represent number of times the ticket was assigned and Y-axis represent number of tickets

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

generate a graph where the x -axis represent number of times the ticket was assigned and Y-axis represent number of tickets

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I