Hi ,
I want a chart exactly like the image attached.
My data is input lookup csv file .
My time filed name is "Opened"
Data Global * field name is "Assignment group"
Please help me with the query.
I tried something like this but this is not what i want.
index=level3 host=Test | chart count over Opened by "Assignment group"
Thanks
My first stab at it would be something like this. This will give you 14 days, including yesterday, but not today.
index=level3 host=Test earliest="-14d@d" latest="-0d@d" | timechart span=1d limit=20 count Opened by "Assignment group"
Then in the visualations tab change the format to Column, and Format, stacked.
My first stab at it would be something like this. This will give you 14 days, including yesterday, but not today.
index=level3 host=Test earliest="-14d@d" latest="-0d@d" | timechart span=1d limit=20 count Opened by "Assignment group"
Then in the visualations tab change the format to Column, and Format, stacked.
Now am getting results with the below query but am unable to sort it date wise rather it sorts numerically.
I have two date fields with values like this:
Opened = 09/27
Opened D = 09/29/16
Figure1
index=level3 host=Test | eval _time=strptime("Opened D","%Y-%m-%d %H:%M:%S.%N")|chart count OVER "Opened D" BY "Assignment group" | sort -"Opened D"
Figure2
One more thing in the x-axis instead of “Opened D” how can I get the actual dates ?
If I enable event sampling only then am getting the dates if I slect “No event sampling” then the dates aren’t reflecting. How to solve this ?
And if I am enabling event sampling am missing some dates data also.
