Hi,
I want to get a count on tickets with the latest status of "In Progress". An example of the data set is below:
In this example data set, I should be getting a count of 1 ticket in "in Progress". I have tried a number of functions and reviewed the forum on similar questions, but I can't get the search working.
Any help would be greatly appreciated.
Thanks,
Craig
It would help if you shared your current search. However, dedup
should help solve the problem. It selects the most recent entry when it finds more than one with the same value so the earlier instance of RT-3 won't be seen.
index=foo ticket_number=* status=* last_updated_date_time=* | dedup ticket_number| search status="In Progress" | stats count
It would help if you shared your current search. However, dedup
should help solve the problem. It selects the most recent entry when it finds more than one with the same value so the earlier instance of RT-3 won't be seen.
index=foo ticket_number=* status=* last_updated_date_time=* | dedup ticket_number| search status="In Progress" | stats count
seems to be working. thank you for your help. Appreciated