Create dashboard breaking down to partner sites
|
Hi Guys, I'm very new to sumo and have basic knowledge in running queries. I need to run a query on the below sample log snippet in which I can count how many 'Phone_Issue' hits per call center partner site based AttributeAgentID? How do I display them in a dashboard as well? message RequestSetDNInfo AttributeReason [28] 00 01 00 00.. 'ReasonCode' 'Phone_Issue' AttributeThisDN '7991300' @04:32:10.3149 [BSYNC] Trace: Sent @04:32:10.3149 [0] distribute_response: message EventAgentNotReady AttributeExtensions [53] 00 01 00 00.. ... AttributeReason [28] 00 01 00 00.. 'ReasonCode' 'Phone_Issue' AttributeReferenceID 4769555 AttributeAgentWorkMode 0 (Unknown) AttributeAgentID 'john.doe@Partner1.com' AttributeThisDN '7991300' |
-
Hi Daniel,
To parse reasonCode and AttributeAgentID I would use these statements:
| parse "\'ReasonCode\' \'*\'" as reasonCode
| parse "AttributeAgentID \'*\'" as agentIDThen show only reasonCodes equal to "Phone Issue":
| where reasonCode="Phone Issue"
And aggregate by agentID:
| count by agentID
Then on the aggregate results tab you can select a graph of the results from the upper bar and add that to a dashboard with the "Add to Dashboard" button.
-
For regular searches and dashboards the best practice is to add a field extraction rule to parse the fields on ingest rather than in the query to keep the query running quickly. Here's a link to the documentation on field extraction rules.
Please sign in to leave a comment.
Comments
2 comments