
Grouping data having 1 key and multiple values, which are grouped with the same 'group'

New Member

I have the following data, which I want to group by group. One group can have Topic details / multiple owner details / Partition / LAG.

Time: 8/11/19 4:06:33.000 PM
Event:
{
    Data: [
        {
            currentOffset: 6133
            group: data_testing
            lag: 0
            logEndOffset: 6133
            owner: data_testing_aws-us-east-1-0
            partition: 6
            topic: data_testing
        }
        {
            currentOffset: 1
            group: data1_testing
            lag: 0
            logEndOffset: 1
            owner: MGMT_POP_stag_aws-us-east-1-0
            partition: 6
            topic: data1_testing_test
        }
        {
            currentOffset: 555846
            group: data_testing
            lag: -98
            logEndOffset: 555748
            owner: data_testing_aws-us-east-1-6
            partition: 6
            topic: data_testing_1
        }
        ...
        ...
}

My table should look like the one below, where it has to be grouped by 'Group':

Group         Topic         Partition  LAG  owner
datatesting   datatesting   0          0    datatestingaws-us-east-1-0
datatesting   datatesting   1          1    datatestingaws-us-east-1-1
...
...
datatesting   datatesting   7          0    datatestingaws-us-east-1-7

data1testing  data1testing  0          1    data1testingaws-us-east-1-0
data1testing  data1testing  1          0    data1testingaws-us-east-1-1
...
...
data1testing  data1testing  7          0    data1testingaws-us-east-1-7

0 Karma

Re: Grouping data having 1 key and multiple values, which are grouped with the same 'group'

Champion

Hi @qwer007
From the sample data you have provided, all partition values are 6. From where do you get its values as 0, 1 & 7?

| makeresults 
    | eval payload=" {    [-]    
                currentOffset:     6133    
                group:     data_testing    
                lag:     0    
                logEndOffset:     6133    
                owner:     data_testing_aws-us-east-1-0    
                partition:     6    
                topic:     data_testing    
             }    
             {    [-]    
                currentOffset:     1    
                group:     data1_testing
                lag:     0    
                logEndOffset:     1    
                owner:     MGMT_POP_stag_aws-us-east-1-0    
                partition:     6    
                topic:     data1_testing_test    
             }    
             {    [-]    
                currentOffset:     555846    
                group:     data_testing    
                lag:     -98    
                logEndOffset:     555748    
                owner:     data_testing_aws-us-east-1-6    
                partition:     6    
                topic:     data_testing_1
              }" 
    | rex field=payload "group:\s*(?<group>\S+)" max_match=0
    | rex field=payload "topic:\s*(?<topic>\S+)" max_match=0
    | rex field=payload "partition:\s*(?<partition>\S+)" max_match=0
    | fields group,topic,partition
    | fields - _time
    | eval mv=mvzip(mvzip(group,topic,"*"),partition,"|")
    | mvexpand mv
    | rex field=mv "(?<group>.*?)\*" max_match=0
    | rex field=mv "\*(?<topic>.*?)\|" max_match=0
    | rex field=mv "\|(?<partition>.*)" max_match=0

Try the below query out. I have attempted to extract values for group, topic and partition. Let me know if this is closer to your requirement.

0 Karma
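An alternative that expands each array element as a unit, so group, topic, partition, lag and owner from one record always stay on the same row. This is an added example, not code from either poster; it assumes the raw event is JSON with a top-level `Data` array, as the event view in the question suggests, and the `_raw` value is constructed from the three records shown there.

```spl
| makeresults
| eval _raw="{\"Data\":[
    {\"currentOffset\":6133,\"group\":\"data_testing\",\"lag\":0,\"logEndOffset\":6133,
     \"owner\":\"data_testing_aws-us-east-1-0\",\"partition\":6,\"topic\":\"data_testing\"},
    {\"currentOffset\":1,\"group\":\"data1_testing\",\"lag\":0,\"logEndOffset\":1,
     \"owner\":\"MGMT_POP_stag_aws-us-east-1-0\",\"partition\":6,\"topic\":\"data1_testing_test\"},
    {\"currentOffset\":555846,\"group\":\"data_testing\",\"lag\":-98,\"logEndOffset\":555748,
     \"owner\":\"data_testing_aws-us-east-1-6\",\"partition\":6,\"topic\":\"data_testing_1\"}
  ]}"
| spath path=Data{} output=record
| mvexpand record
| spath input=record
| table group topic partition lag owner
| sort 0 group topic partition
```

On real events, replace the first two commands with the base search that returns the JSON events. Because each `record` is parsed on its own after `mvexpand`, there is no need to zip parallel multivalue fields and split them again.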

Re: Grouping data having 1 key and multiple values, which are grouped with the same 'group'

Champion

Hi @qwer007
Please let us know if your issue has been resolved and accept the answer if it significantly helped your resolution. Do not forget to add additional resolution details for the benefit of other forum members.

0 Karma