Solved: How do I edit my search to group FieldB values by ...

pradiptam · ‎12-08-2015

My input table is like this

Ticket No   Tower    Status
1           Backup  Resolved
2           Storage   WIP
3           Vmware  Resolved
4           Backup  Pending with Customer
5           Vmware  WIP

My Output table should be like this

Ticket Count    Tower     Status
   2            Backup    Resolved,   Pending with Customer
   2            Vmware    WIP, Resolved
   1            Storage   WIP

I am not getting the desired results as expected while visualizing the same. I am using the following search:

| inputlookup report_data.csv | search  "Create month"=Nov | stats count(Ticket no.)  as "Tickets Received" by Tower , Status

Any help in this regards will be appreciated.

Regards,

Pradipta

renjith_nair · ‎12-08-2015

Try this for exact output.

| inputlookup report_data.csv | search  "Create month"=Nov |stats delim="," count(Ticket no.)  as "Tickets Received",values(Status) as Status by Tower|mvcombine Status|sort - "Tickets Received"

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎12-08-2015

Try this for exact output.

| inputlookup report_data.csv | search  "Create month"=Nov |stats delim="," count(Ticket no.)  as "Tickets Received",values(Status) as Status by Tower|mvcombine Status|sort - "Tickets Received"

---
What goes around comes around. If it helps, hit it with Karma 🙂

pradiptam · ‎12-08-2015

Thanks to both richgalloway and renjith.nair. I am getting the output as desired by running ' renjith's ' query. When i go to visualization tab it shows me ' tickets reiceived => 2 ' for Backup. Can here modifications be done to show " Resolved, Pending with Customer ".

Can this be done , any suggestions i can try out.

Pradipta

renjith_nair · ‎12-09-2015

Hello Pradipta, Please mark the answer as an accepted answer if you are happy with that.
Regarding the change in field name, as you might know, you can only plot against an aggregated function or time , you can't plot two strings against each other.

---
What goes around comes around. If it helps, hit it with Karma 🙂

javiergn · ‎12-08-2015

I would do the following:

| inputlookup report_data.csv 
| search "Create month"=Nov 
| stats count(Status) as "Tickets Received", list(Status) as Status by Tower

richgalloway · ‎12-08-2015

Try this.

| inputlookup report_data.csv | search "Create month"=Nov | stats count(Ticket no.) as "Tickets Count" by Tower , Status | sort - "Ticket Count" | table "Ticket Count" Tower Status

---
If this reply helps you, Karma would be appreciated.

pradiptam · ‎12-14-2015

Hi All,

Thanks all for your support , i have resolved my issue. Done the Following steps:

1) Uploaded the File as csv.
2) Created a Data Model, based on the same.
3) Created a pivot and got my desired output. Not using inputlookup, using SPL.

Regards,
Pradipta

How do I edit my search to group FieldB values by FieldA?

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!