Hi Daljeanis, thank you for your script. i have tried using it but the year is 1970, also the months a ticket should be opened is not correct. Please take note of this example: "ticket AAA" is created june2017 and resolved Sept2017 therefore months june, july, august, and september should have an open ticket count of 1. that makes it: june = 1 july = 1 aug=1 sept = 1 ("ticket AAA" is open for some of the days in sept so i counted it also as open on the resolve date) ... View more

Sample: TICKET NO. Created date Resolved date Ticket-1 | 2017 / 06 | 2017 / 09 Ticket-2 | 2017 / 01 | 2017 / 04 Ticket-3 | 2017 / 02 | 2017 / 05 Ticket-4 | 2017 / 03 | 2017 / 06 Ticket-5 | 2017 / 05 | 2017 / 08 When i do statistics for the 5 tickets above the result is: Ticket 1: will only be counted in June(06) and September(09), created and resolved dates respectively Ticket 2: will only be counted in January(01) and Apr(04), created and resolved dates respectively Ticket 3: will only be counted in Feb(02) and May(05), created and resolved dates respectively Ticket 4: will only be counted in March(03) and Jun(06), created and resolved dates respectively Ticket 5: will only be counted in May(05) and Aug(08), created and resolved dates respectively For ticket 1 i want it to be counted as well in July and August because it was only resolved on Sept. Same logic with others. What i want my statistics to look like: Year-month = Count 2017-January = 1 2017-February = 2 2017-March = 3 2017-April = 3 2017-may = 3 2017-June = 3 2017-July = 2 2017-August = 2 2017-September = 1 2017-October = 0 2017-November = 0 2017-December = 0 then doing the timechart ... View more

Wow! thanks a lot, it worked! ... View more

hi sundareshr thanks for your effort. however using your search does not show the "TYPE" column on the output. ... View more

thanks woodcock it worked using manual search. one problem though, on my dashboard, i have a timerange ticker. the search we have (with dollar sign) does not load on a time range ticker dashboard. maybe the value of the time range ticker is being replaced on our search with dollar signs? the panel is showing "search is waiting for input..." ... View more

to add, the sum of "tostring" values when adding commas are not reflected on totals ... View more

to add, the sum of "tostring" values when adding commas are not reflected on totals ... View more

did not seem to get the solution applying the above formula. here is my search: index=indexname | eval YMD=strftime(_time,"%Y-%m-%d") | chart eval(round(count(PRODUCT)2.5,2)) over TYPE by YMD useother=f limit=500 | addtotals col=true 2016- labelfield=TYPE label="Product Type Totals" fieldname="Totals" i need to place commas on all numeric values inside columns and totals ... View more

did not seem to get the solution applying the above formula. here is my search: index=indexname | eval YMD=strftime(_time,"%Y-%m-%d") | chart eval(round(count(PRODUCT)2.5,2)) over TYPE by YMD useother=f limit=500 | addtotals col=true 2016- labelfield=TYPE label="Product Type Totals" fieldname="Totals" i need to place commas on all numeric values inside columns and totals ... View more

Thanks this worked! ... View more

Hello baerts, have you tried to use your suggestion? actually i have tried that before but it did not work. ... View more

Hello Patient, i am already aware of that script.. problem is i have three tables.. that script i believe does not support 3 table ID's.. if it does can you revise that script to show the right codes. Thanks ... View more

Thanks MuS!.. it successfully matched a specific field with values on two different sourcetypes. Can you also give the search wherein i could match values on 3 different fields existing on two different sourcetypes under a single query? Basically i should be able to match BATCH_ID, AGENCY_CODE and EMPLOYEE_NO on my report Sourcetype A Field BATCH_ID = ABC Field AGENCY_CODE = XYZ Field EMPLOYEE_NO = 123 should match: Sourcetype B Field BATCH_ID = ABC Field AGENCY_CODE = XYZ Field EMPLOYEE_NO = 123 ... View more