Hi Everyone,

My apologies for the long message, but I hope this will give enough information about my requirement.

My current Splunk search returns an output with three columns - viz. Ticket_Number, Created_Date, Classification. The data is displayed for each day of the month.

I need to show the data in the format like for each month, how many Ticket_Numbers as per the Classification. e.g.:
In January, one Sev-1 and one Sev-2. In May two Sev-2, one Sev-3 and one Sev-4 and so on.
Also, I need to display this output in a graphical representation.

My search is:

index ="my_index" sourcetype="type_1" | rename "Ticket Number" as Ticket_Number | rename "Date Created" as Ticket_created_date | table Ticket_Number, ticket_created_date | join Ticket_Number [search index ="my_index" sourcetype ="type_2" | rename "Incident Number" as Ticket_Number | rename CLASSIFICATION as Classification | table Ticket_Number, Classification] | table Ticket_Number, Ticket_created_date, Classification

My sample output:

Ticket_Number   Ticket_created_date Classification
12345               24/1/2015 9:02      Sev-1
12346               25/1/2015 9:02      Sev-2
12347               26/2/2015 9:02      Sev-3
12348               27/2/2015 9:02      Sev-1
12349               28/3/2015 9:02      Sev-4
12350               29/3/2015 9:02      Sev-2
12351               30/4/2015 9:02      Sev-3
12352               30/4/2015 9:02      Sev-1
12353                 1/5/2015 9:02     Sev-4
12354                  2/5/2015 9:02        Sev-2
12355                  3/5/2015 9:02        Sev-2
12356                 4/5/2015 9:02     Sev-3
12357                 5/6/2015 9:02     Sev-1
12358                 6/6/2015 9:02     Sev-4
12359                 7/7/2015 9:02     Sev-4
12360                 8/7/2015 9:02     Sev-2
12361                 9/8/2015 9:02     Sev-3
12362               10/8/2015 9:02      Sev-1

Can anyone please help me with the search and how to display the final output in a graph?
Thanks in advance.