Hi All, I am having an issue on extracting a string in a field. For example, I have this data below: "18/10/2018 03:44:35 - Joneil Englis (Additional comments) Hi All, this is now being investigated. We'll keep you updated on our progress. 16/10/2018 04:40:51 - David Jinn Hong Chia (Additional comments) Hi team Another Shipment Cost Document has the same issue in E1P today. 563638 15/10/2018 02:21:06 - Christian Espinosa (Additional comments) Hi All, this is now being investigated. We'll keep you updated on our progress. " I need to get the latest name on who updated the ticket. I am trying to use a regex expression where i can get the string between the character "-" and "(" but sometimes the data of the field contains many occurrence of these characters. I need to get the string Joneil Englis. Could anyone help me? Thanks in advance. ... View more

Hi All, I am currently having trouble in grouping my data per week. My search is currently configured to be in a relative time range (3 months ago), connected to service now and the date that I use is on the field opened_at. Only data that has a date in its opened_at within 3 months ago should only be fetched. I had successfully grouped them by month and year but I am having trouble in grouping them per week. Is it possible to group them by week? Please see details below. Thank you. Current setup of the table. Month No. of SRs No. of INCs Total Dec/2017 172 99 271 Jan/2018 543 243 788 Feb/2018 439 213 654 Mar/2018 160 105 265 My current query: ...search| | eval created_at=strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval Month=strftime(created_at,"%b/%Y") | eval date_month=strftime(created_at,"%m") | eval date_year=strftime(created_at,"%Y") | eval epoch = strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval diff = (now() - epoch)/60 | where diff < 131400 | stats count(eval(u_service_req="true")) as "Number of SRs", count(eval(u_service_req!="true")) as "No. of Incidents", count(ticket_number) as "Total" by Month date_month date_year | sort+ date_year date_month | fields- date_year date_month ... View more

Hi All, Im creating a table in which it will count the ticket that was logged per month and I need to do it for the last three months. Im finding a hard time to sort my table by month/year. I need to place them in chronological order with this format month/year. I tried sorting them by %m (but it only sort them in numerical order) and %b(but it sort them in alphabetical order. My table is looking like this. Month count Dec/2017 38 Feb/2018 2829 Jan/2018 933 Mar/2018 590 My query: .......search query | eval created_at=strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval Month=strftime(created_at,"%b/%Y") | eval epoch = strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval diff = (now() - epoch)/60 | where diff < 131400 | stats count(ticket_number) by Month Could anyone help me on this. Thanks in advance. ... View more

Hi All, Im trying to get the ticket inflow for the last three months. My data is connected to service now and the date that I use is on the field opened_at. I keep on getting tickets that are opened at more than three months, that's my problem because every time there is an update on some aging tickets it creates a new event that will be later be fetched on my search. I have also set my time range to be relative to past 3 months. My question is that how can I only get data that has a date of opened_at for the previous 3 months relatively on the time now. My query is below for more details. Please I have been stuck on this. Thank you. index=aiam_itsm_ticket_kerry |dedup ticket_number sortby +_time |where (u_category!="Change Request" AND u_category!="Z SAP CR" AND u_category!="Z SAP Non Production" AND u_category!="NON PRODUCTION (SAP Staff Only)") AND caller_id!="SN Event Creator (snevent_creator)" AND assignment_group="SAP/MDM/MDM - AM/" | eval created_at=strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval Month=strftime(created_at,"%b") | stats count(ticket_number) by Month All the best, Nicolo ... View more

Hi All, I have a panel containing the top 10 resolution profiles of our tickets and I want to have a drilldown table which when I click the value of the Resolution Profile, there will be a table below which contains the ticket details like ticket number and assignment group. My drilldown works fine with the top 1 resolution profile, but when I select other resolution profiles, It gets some other ticket details which is not the one that I clicked in the table. Can you help me please with my query? Please see below query that I have. <search> <query>.......| stats count by u_resolution_profiles</query> </search> <drilldown> <set token="Value_tkn">$click.value$</set> </drilldown> <table depends="$Value_tkn$"> <search> <query>.......|search $Value_tkn$| table ticket_number u_resolution_profiles assignment_group assigned_to| rename ticket_number as "Ticket Number" u_resolution_profiles as "Resolution Profile" assignment_group as "Assignment Group" assigned_to as "Assigned To"</query> Thanks in advance, Nicolo ... View more

Hi All, Could you help me on creating a drilldown table that will list all the ticket number based on the value of the resolution profile in another table. Please see below my search query. serach query...| stats count by u_resolution_profiles | sort -count | rename count as "Number" u_resolution_profiles as "Resolution Profile" Table view that is from my stats command: Resolution Profile | Number User Maintenance | 100 Thanks in advance ... View more

Hi All, My dashboard is working fine and as expected for a month now. My dashboard is about incident management for customer update to be exact. My issue is that one of my column(need_to_update) is not sorting in an ascending order. It was working fine for all the values for the month of October but when there were new values for November, the November values are now at the top of the table which should not be because it is sorted in an +need_to_update. | where breach_status="Not Breached" | sort +need_to_update |table ticket_number severity assignment_group additional need_to_update assigned_to | rename ticket_number as "Ticket Number" severity as "Priority" additional as "Last Update" assignment_group as "Assignment Group" need_to_update as "Should be updated" assigned_to as "Assigned To" Example of the order of the values that is in my table: 01/11/2017 02:52:48 30/10/2017 05:19:39 30/10/2017 05:20:03 30/10/2017 05:20:34 Could anyone help me why do my data behave this way? Hoping for your opinions. Thank you. All the best, Nicolo ... View more