10-10-2024 06:53 AM
I would like a hint on how I can build a simple XQL query over a timeframe for incidents. I need to filter that data, but for the kind of report where I can show, for example, a monthly report for a customer, with data for each day.
10-10-2024 08:29 PM
Hello @T.Nurmi
Thanks for reaching out on LiveCommunity!
To get a comprehensive view of incidents over time please use "Incident Management" dashboard where you can interact with data based on various parameters like status, severity and assignment etc. You can also generate a report of it based on the timeframe that you want to see. You can also create a custom dashboard based on "Incident Management" by adding custom widgets for your particular use case.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.
10-10-2024 10:53 PM
Hi. Thanks for the answer, but what I am trying to find is how to get trend reports. For example, here is data for 30 days, but I would like to get trend reports for this kind of info, and then be able to see a monthly report/by day.
config timeframe between "30d" and "now"
| dataset = incidents
| filter (status in (ENUM.NEW,UNDER_INVESTIGATION ))
| filter (alert_sources != "fw")
| comp count(status) as counter by status
| view graph type = pie xaxis = status yaxis = counter
01-17-2025 03:51 AM - edited 01-17-2025 03:52 AM
Hi,
Thanks for the answer, but I need to calculate month by month over the last 1 year. For example, March 2024-April 2024 245 incidents, April 2024-March 2024 230 incidents, and in the same query.
01-20-2025 10:37 PM
Ok. I found it.
config timeframe = 1y
| dataset = incidents
| filter (status = RESOLVED_AUTO_RESOLVE)
| fields creation_time, status
| alter month = format_timestamp("%m", creation_time)
| sort asc month
| comp count(status) as total_auto_resolved_inc_month by month
| view graph type = column subtype = grouped xaxis = month yaxis = total_auto_resolved_inc_month
01-21-2025 12:19 AM
Thanks 🙂 Very good advice.
01-22-2025 12:49 AM
So if I want to compare, for example, true positive and false positive per month at year level, what should I add to the query?
02-02-2025 11:49 PM
Hi,
I guess you need the query below:
config timeframe = 1y
| dataset = incidents
| fields creation_time, status
| alter month = format_timestamp("%m", creation_time)
| sort asc month
| comp count(status) as total_inc_month by month, status
| dedup total_inc_month, status by asc month
| view graph type = column subtype = stacked xaxis = month yaxis = status,total_inc_month default_limit = `false` seriescolor("status","#ee0505") headerfontsize = 3 legendfontsize = 4 xaxistitle = "Status by month" yaxistitle = "Count"
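Added example, not part of the thread or of any poster's query: a variant of the query above for the true positive / false positive comparison asked about on 01-22-2025. It builds the month key with "%Y-%m", so the same calendar month from two different years lands in separate buckets and the text sort is chronological. The enum names ENUM.RESOLVED_TRUE_POSITIVE and ENUM.RESOLVED_FALSE_POSITIVE are assumptions modelled on RESOLVED_AUTO_RESOLVE above; confirm the values in your tenant.

```xql
// Added example: rolling 12-month window, one bucket per calendar month and status
config timeframe = 1y
| dataset = incidents
// Assumed enum names for the two resolution statuses; confirm them in your tenant
| filter status in (ENUM.RESOLVED_TRUE_POSITIVE, ENUM.RESOLVED_FALSE_POSITIVE)
| fields creation_time, status
// "%Y-%m" keeps e.g. 2024-02 and 2025-02 apart and sorts chronologically as text
| alter month = format_timestamp("%Y-%m", creation_time)
| comp count(status) as total_inc_month by month, status
| sort asc month
// Same xaxis/yaxis pattern as the stacked chart above, shown side by side per month
| view graph type = column subtype = grouped xaxis = month yaxis = status,total_inc_month
```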