Generate a graph where the x-axis represents the number of times the ticket was assigned and the y-axis represents the number of tickets

wessam
Explorer

Hello all,

I need your help, as I have a list of tickets called "Tickets" and I would like to generate a graph where the x-axis represents the number of times the ticket was assigned and the y-axis represents the number of tickets.
For example:
Tickets
AB111
AB111
AB122
AB910
AB122

So I would like to get the below results:

Number of times Tickets_numbers
1 1
2 2
3 0

which illustrates that only one ticket was assigned one time, whereas we had 2 tickets that were assigned two times and no tickets were assigned three times.

Thanks

0 Karma

cmerriman
Super Champion

This gave me similar results:

|makeresults|eval ticketId="AB111,AB111,AB122,AB910,AB122"|makemv ticketId delim=","|mvexpand ticketId|eventstats count by ticketId|stats dc(ticketId) by count

So try something like:

|eventstats count as NumTimes by ticketId|stats dc(ticketId) as Ticket_Numbers by NumTimes 

somesoni2
SplunkTrust

Or this (will be more efficient than using eventstats)

your base search | stats count as NumTimes by ticketId | stats count as Ticket_Numbers by NumTimes

cmerriman
Super Champion

edit:

|stats count as NumTimes by ticketId|stats count as Ticket_Numbers by NumTimes
0 Karma
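
An added example, not from any of the posters above: the two-stage `stats` from the answers, extended so that assignment counts no ticket reached (the "3 0" row in the question) still appear with a zero. The sample data is the question's ticket list, and the upper bound of 3 in `mvrange(1, 4)` is an assumption taken from the question's desired table.

```spl
| makeresults
| eval ticketId=split("AB111,AB111,AB122,AB910,AB122", ",")
| mvexpand ticketId
| stats count as NumTimes by ticketId
| stats count as Ticket_Numbers by NumTimes
| append
    [| makeresults
     | eval NumTimes=mvrange(1, 4)
     | mvexpand NumTimes
     | eval Ticket_Numbers=0
     | fields NumTimes Ticket_Numbers]
| stats sum(Ticket_Numbers) as Ticket_Numbers by NumTimes
| sort NumTimes
```

On real data, replace the first three lines with the base search. The `append` subsearch only contributes zero rows, so the final `stats sum` leaves the real counts unchanged and adds the missing values of `NumTimes`.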