How do you add a row to a table that contains text...

dojiepreji · ‎11-07-2018

I am creating a table that tallies each type of request per day. Table is as follows.

  Day   |   Assigned   |   Resolved   |   Open
 Jan 1  |     13       |  2           | 12
 Jan 2  |     6        |  2           | 12

My code:

bin _time span=day 
| stats count(eval(request="queue")) as Assigned count(eval(request="resolved")) as Resolved count(eval(current_ticket_state="open")) as Open by _time 
| eval _time = strftime(_time, "%d-%b-%y") 
| rename _time as Day

What I need now is a row that will have a text of 'carryover' on column Day and an eval carryover = Resolved - Assigned from the previous month for its value on the 'Assigned' column. Here is the supposed output.

   Day    |   Assigned   |   Resolved   |   Open
Carryover |     5       |              |    
Jan 1     |     13      |       2      |    12 
Jan 2     |     6       |       2      |    12

How should I achieve this?

woodcock · ‎11-22-2018

Your description does not at all match your sample output in the following ways:
1: It only shows 1 month
2: The Carryover value of 5 cannot be achieved by any convolution of the math that you provided.

mstjohn_splunk · ‎11-27-2018

hi @dojiepreji,

Are you still having trouble with this issue? If so, please answer the commenter above so that they can help you further. Or, if you solved your query, would you mind describing the steps you took so that others can learn from your solution?

Thanks.

How do you add a row to a table that contains text and an eval value?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!