I have a report to build on QRadar.
The focus is to get the EPS grouped by log source.
This goal has been achieved, simply googling and building a query like this:
SELECT LOGSOURCENAME(logsourceid) AS "Log Source", SUM(eventcount) AS "Number of Events in Interval", SUM(eventcount) / X AS "EPS in Interval"
FROM events
WHERE NOT (LOGSOURCENAME ( logsourceid ) IN ('Asset Profiler-2 :: QRadar','Custom Rule Engine-8 :: QRadar', 'SIM Audit-2 :: QRadar', 'Health Metrics-2 :: QRadar', 'System Notification-2 :: QRadar', 'SIM Generic Log DSM-7 :: QRadar', 'Anomaly Detection Engine-2 :: QRadar'))
GROUP BY "Log Source"
ORDER BY "EPS in Interval"
DESC LAST Y DAYS
that, in a nutshell, exclude the internal log source of QRadar with where clause. Y is used for days and X are the seconds in Y; for example:
SELECT LOGSOURCENAME(logsourceid) AS "Log Source", SUM(eventcount) AS "Number of Events in Interval", SUM(eventcount) / 1209600 AS "EPS in Interval"
FROM events
WHERE NOT (LOGSOURCENAME ( logsourceid ) IN ('Asset Profiler-2 :: QRadar','Custom Rule Engine-8 :: QRadar', 'SIM Audit-2 :: QRadar', 'Health Metrics-2 :: QRadar', 'System Notification-2 :: QRadar', 'SIM Generic Log DSM-7 :: QRadar', 'Anomaly Detection Engine-2 :: QRadar'))
GROUP BY "Log Source"
ORDER BY "EPS in Interval"
DESC LAST 14 DAYS
tell us the EPS, grouped by log source, for last 2 week (Y is 14 days, X is 1209600 seconds, the ones in 2 week). The search has been tested and works fine. The chart spawned after search end are a Pie Chart and a Bar chart.
Now, the problem is this: we need a timechart. More specifically, the final graphic must have:
Days on X-assys
EPS on Y-assys
The curves on graphic must be the single log source
that, in a nutshell, is something like that:
Now, if I simply go on one of spwaned chart and change it in Time series, the output is empty.
So, my question is: how may I modify my search to achieve the above chart?
Related
How can I split a duration by one hour interval depending on the start time and end time?
Like, if start time = 6:30:00 and end time = 8:30:00 then from 6.30 to 7.30 it will give h1, 7.30 to 8.30 it will give h2 n all.. Tried with dense_rank but didn't work.. Can anyone plz help?
I need to have hour_of_shift h1,h2... like this..with time key 0630 to 0730 it will give h1 and so on..
tried with this query
select td.time_key tdkey, shft.shid shid,
('h' || DENSE_RANK() OVER ( ORDER BY substr(time_key, 1, 2))) hour_of_shift
from smartweld_sample_dev4.time_dim td,
smartweld_sample_dev4.shift shft
where td.timeofday::time between shft.START and shft.END;
but it is giving h1 for 6.30 to 7.00 and then it is increasing the rank by one.how can can do that?
In Pine Script, how do I find the price based on a certain number of days ago? I've tried something like this...
// Find the price 90 days ago
target = time - 90 * 60 * 60 * 24 * 1000
valuewhen(time < target, close, 1)
...however time < target never seems to return true – presumably because the current bar's time cannot also be in the past at the same time. Perhaps valuewhen() wasn't designed to be used with dynamic values that change on every bar?
Do I need to use a loop instead, and scan through every past bar until I find the date I'm looking for?
Perhaps there's a better way, but the workaround I'm using currently using is a function with a for loop, scanning backwards until the appropriate date is found. Here is my function:
priceXDaysAgo(numDays) =>
targetTimestamp = time - numDays*60*60*24*1000
// Declare a result variable with a "void" value
float result = if false
1
// We'll scan backwards through the preceding bars to find the first bar
// earlier than X days ago (it might be a little greater than X days if
// there was a break in trading: weekend, public holiday, etc.)
for i = 1 to 1000
if time[i] < targetTimestamp
result := close[i]
break
result
You can then call the function anywhere in your script:
priceXDaysAgo(90)
Need help with calculation in Tableau. I have field as priority High, Medium and Low.
For High and medium i have the TAT as 2 hours and for low it is 4 hours.
I need to add a calculation which for each ticket based on their priority level shows respective priority hours as either 2 or 4 hours.
I have added a calculation :
if [Priority]= "High" then "2 Hours"
ELSEIF [Priority]= "Medium" then "2 Hours"
ELSE "4 Hours"
END
however this is a string whereas i need it in hour format so that i can add a flag whether ticket missed or met the SLA.
This i would do basis another column which is time taken to acknowledge.
Let’s consider Start Time = 07/06/2017 5:30:00 AM and End Time = 07/06/2017 8:40:00 AM
Create a calculated field (time_diff_seconds) to calculate time difference between start & end time
(DATEDIFF('hour’,[Start Time],[End Time]) * 3600) + (DATEDIFF(‘minute’,[Start Time],[End Time]) * 60) + DATEDIFF(’second’,[Start Time],[End Time])
Now coming back to your calculated field (SLA_seconds) definition, I would modify it to look something like:
IF [Priority]= "High" then 2*3600
ELSEIF [Priority]= "Medium" then 2*3600
ELSE 4*3600
END
Then finally create your flag as another calculated field i.e. SLA_met
IF time_diff_seconds <= SLA_seconds THEN “Y”
ELSE “N”
END
Hope this helps! Pls don't forget to mention if it solves your problem :)
I have tried the code.
DEFINE VARIABLE totalbalance AS DECIMAL NO-UNDO.
DEFINE FRAME f1
WITH CENTERED THREE-D SIZE 100 BY 50.
FOR EACH customer NO-LOCK BREAK BY country WITH FRAME f1:
ACCUMULATE balance(TOTAL BY country).
IF FIRST-OF(customer.country) THEN
DISPLAY customer.country.
DISPLAY customer.state customer.balance.
IF LAST-OF(customer.country) THEN
DO:
DISPLAY SKIP FILL("-", 25) AT 50 FORMAT "x(25)".
DISPLAY ACCUM TOTAL customer.balance AT 51.
DISPLAY SKIP FILL("-", 25) AT 50 FORMAT "x(25)".
END.
END.
It only gives total balance per country but I also want to display total balance per state.
You do not have a "break by state" so it will do nothing by state.
Something like this (not very tested):
define frame f1
with
centered
.
for each customer no-lock break by country by state with frame f1:
accumulate balance( total by country ).
accumulate balance( sub-total by state ).
if first-of( customer.country ) then
display customer.country.
if first-of( customer.state ) then
display customer.state.
display customer.balance.
if last-of( customer.country ) then
do:
display skip fill( "-", 25 ) at 50 format "x(25)".
display accum total customer.balance at 51.
display skip fill( "-", 25 ) at 50 format "x(25)".
end.
if last-of( customer.state ) then
do:
display skip fill( "-", 25 ) at 80 format "x(25)".
display accum sub-total customer.balance at 81.
display skip fill( "-", 25 ) at 80 format "x(25)".
end.
end.
(That probably doesn't actually work... but the multiple BY clauses are the main thing that you are missing.)
Personally I find the ACCUM syntax to be unpleasant and not worth bothering with. I usually just create and manage simple variables. I find that sort of coding to be much cleaner. So unless this is a "gotchya" question on a skills test I strongly suggest that you avoid coding in this manner. If it is a "gotchya" question move on to a more suitable prospective employer -- you don't want to work for anyone who thinks that this is a good idea.
I would do it more like this:
define variable countryBalance as decimal no-undo.
define variable stateBalance as decimal no-undo.
for each customer no-lock break by country by state with frame f1:
if first-of( customer.country ) then
do:
display customer.country.
countryBalance = 0.
end.
if first-of( customer.state ) then
do:
display customer.state.
statebalance = 0.
end.
assign
countryBalance = countryBalance + customer.balance
stateBalance = stateBalance + customer.balance
.
display customer.balance.
if last-of( customer.country ) then
do:
display countryBalance.
end.
if last-of( customer.state ) then
do:
display stateBalance.
end.
end.
I think that is a whole lot easier to read, understand and maintain.
I have a cross-tab in crystal reports with column representing transport line, rows showing dates and summary field representing TEU (its just numerical value). So I have something like this:
L1 L2 L3 TOTAL
D1 10 5 0 15
D2 1 3 5 9
D3 3 50 17 70
Now I'd like to conditionally put background to the summary (numerical) field, but the condition depends also on the line. So in theory, after clicking on the summary field->format field->background->formula I'd put something like this:
select {#Line}
case "L1": (if currentfieldvalue >5 then crGreen else crRed)
case "L2": (if currentfieldvalue >10 then crGreen else crYellow)
case "L3": (if currentfieldvalue <8 then crBlue else crNoColor)
but for some reasons those conditions are completely ignored. I've even tried something as simple as
if {#Line} ="L1" then crGreen
but as above, crystal 2011 (14.06) ignores it.
Got it finally using GridRowColumnValue ("#Line"):
select GridRowColumnValue ("#Line")
case "L1": (if currentfieldvalue >5 then crGreen else crRed)
case "L2": (if currentfieldvalue >10 then crGreen else crYellow)
case "L3": (if currentfieldvalue <8 then crBlue else crNoColor)
Source: http://www.crystalreportsbook.com/Forum/forum_posts.asp?TID=6798