The intermediate result of a query is
Machine | ErrorType |ErrorCount
A | ErrorA | 4
A | ErrorB | 3
B | ErrorC | 6
B | ErrorD | 3
C | ErrorE | 3
C | ErrorF | 9
I want to show the top 1 result(in terms of Error count) per machine. The result should be like
Machine | ErrorType |ErrorCount
A | ErrorA | 4
A | ErrorC | 6
B | ErrorF | 9
I tried using "top 1 ErrorCount by Machine" but it is trimming other useful fields like ErrorType.
How do I achieve this?
Give this a try
your current search giving Machine, ErrorType ,ErrorCount | sort 0 Machine,-num(ErrorCount) | dedup Machine