Hi All,
I have a file of Tickets to analyse. I want to arrange the data as per the following image. What can I do to achieve the same.
Hi shiv1593,
try something like this
your_search
| chart sum(number) AS number OVER region BY priority
| addtotals
| addcoltotals labelfield=region
Bye.
Giuseppe
Hi shiv1593,
try something like this
your_search
| chart sum(number) AS number OVER region BY priority
| addtotals
| addcoltotals labelfield=region
Bye.
Giuseppe
Hi Giuseppe,
I tried. It didn't work. I am fairly new to Splunk, can you look at my query with your query added and see whether am I doing something wrong?
host="service_desk_tickets" Number="" Region="" Priority="*"
| eval Region = upper(Region)
| stats count(Number) by Region Priority
| rename count(Number) as "Total"
| chart sum(Number) AS Number OVER Region BY Priority
| addtotals
| addcoltotals labelfield=Region
Hi
the field in sum must be the one in the previous stats (rename for you):
host="service_desk_tickets" Number="*" Region="*" Priority="*"
| eval Region = upper(Region)
| stats count(Number) AS Number by Region Priority
| chart sum(Number) AS Number OVER Region BY Priority
| addtotals
| addcoltotals labelfield=Region
Only few hints:
Bye.
Giuseppe
Thanks a lot, Giuseppe. That was really helpful. I will take into account your tips.