I am trying to display a line chart that counts, in 15-minute spans throughout the course of a day, the number of tickets that were opened to my group, by looking for my specific group name, counting only once the earliest time my group name appears in that ticket, and treating that as the time the ticket was opened to my group. The only problem is that my group name will show multiple times in the ticket as we attempt to contact customers, and tickets can leave our group to be sent to other groups throughout the day.
sourcetype=TicketSource
| stats NumberOfTickets=count(eval(searchmatch("MyGoupName")))
| dedup TicketNumbers
| bucket span=15m _time
| stats sum(NumberOfTickets) as "Number of tickets opened" by _time
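One way to express the "first appearance per ticket" logic described in the question, shown as an added example that is not part of the original post: filter to events containing the group name, collapse each ticket to its earliest matching timestamp, then count those timestamps in 15-minute buckets. It assumes the group name appears in the raw event text and that `TicketNumbers` is an extracted field holding the ticket ID, as in the query above.

```spl
sourcetype=TicketSource "MyGroupName"
| stats min(_time) as _time by TicketNumbers
| timechart span=15m count as "Number of tickets opened"
```

Because the `stats` step leaves exactly one row per ticket, later events that mention the group again, or that show the ticket returning from another group, no longer contribute to the count.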