Channel: Questions in topic: "splunk-enterprise"

How do you chart two searches with separate time range on the same chart

I'm trying to chart open tickets (using a time range of "All-time") and resolved tickets by user for the current month. I've been able to chart the two fields' data in the same chart but am looking for help on setting different time ranges for the two searches or fields. For example, show open tickets using an all-time time range to show all open tickets regardless of month, and total tickets resolved within the selected month from the dropdown.

This is the current query I'm using, but my open tickets numbers are not accurate as it's only showing opened tickets for the selected month:

index=test sourcetype="test*" User=* Group="HelpDesk"
| dedup Tickets
| eval State=if(Closed!="0" OR Status="Closed" OR Status="*Reject*" OR Status="Abort*","Resolved","Open")
| eval Time=strftime(_time, "%m/%d/%Y %I:%M:%S %p")
| rex field=Time "(?<date_month>\d+)/"
| rex field=Time "(?<date_year>\d{4})"
| lookup datemonth.csv date_month OUTPUT datemonth
| search datemonth="August" date_year="2018"
| chart count by User State

The datemonth and date_year fields are populated by dropdown tokens in the dashboard.
