×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Izzat
Observer
Member since: ‎04-21-2021
‎04-27-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-21-2021
View All

Build a Dashboard Panel to show incidents which ha...

by in Dashboards & Visualizations
‎04-21-2021 12:59 AM
‎04-21-2021 12:59 AM
Greetings Splunk Community,  I am looking to build a Dashboard Panel to show the count of incidents which have passed the SLA timeline as described below: Urgency (Count) SLA Time Critical  Older than 1 week High  Older than 2 weeks Medium  Older than 3 weeks Low Older than 4 weeks It would be nice if this can also reflect the owner name for these late incidents. I tired something like this, but I am not sure if I am on the right track or not. | `es_notable_events` | where status_group="New" OR status_group="Open" | stats sum(count) as count by status,urgency,owner | `get_reviewstatuses` | chart sum(count) as count over status_label by urgency | rename status_label as status | `sort_chart` Your kind assistance is highly appreciated. Best Regards, Izzat. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-27-2021 07:27 AM