Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

generate a graph where the x -axis represent number of times the ticket was assigned and Y-axis represent number of tickets

wessam
Explorer
‎06-13-2017 02:33 AM

Hello all ,

I need your help as i have list of tickets called "Tickets" and i would like to generate a graph where the x -axis represent number of times the ticket was assigned and Y-axis represent number of tickets
for Ex :
Tickets
AB111
AB111
AB122
AB910
AB122

so i would like to get the below results

Number of times Tickets_numbers
1 1
2 2
3 0

which illustrate that only one ticket was assigned one time however we had 2 tickets that was assigned two times and no tickets was assigned three times

Thanks

Tags (1)
0 Karma
Reply

cmerriman
Super Champion
‎06-13-2017 08:48 AM

this gave me similar results:

|makeresults|eval ticketId="AB111,AB111,AB122,AB910,AB122"|makemv ticketId delim=","|mvexpand ticketId|eventstats count by ticketId|stats dc(ticketId) by count

so try something like:

|eventstats count as NumTimes by ticketId|stats dc(ticketId) as Ticket_Numbers by NumTimes
Reply

somesoni2
Revered Legend
‎06-13-2017 09:29 AM

Or this (will be efficient than using eventstats)

your base search | stats count by NumTimes by ticketId | stats count as Ticket_Numbers by NumTimes
Reply

cmerriman
Super Champion
‎06-13-2017 10:46 AM

edit:

|stats count as NumTimes by ticketId|stats count as Ticket_Numbers by NumTimes
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top