| Tab1 | Tab2 | Tab3 | Tab4 | Tab5 | _time |
| 200 | 200 | 200 | 200 | 200 | timestamp value |
| 200 | 200 | 200 | 200 | 200 | timestamp value |
the above data i'm getting from an index which has json data after writing
index = xyz
| table Tab*,_time
| Tab1 | Tab2 | Tab3 | Tab4 | Tab5 | _time | reltime |
| 200 | 200 | 200 | 200 | 200 | timestamp | some hours ago |
the above table i'm getting after adding
| sort - _time | head 1| reltime to the above query
then i'm doing transpose column_name=Application_list | rename 'row 1' as Status
| eval status = if((Status=200),"up","down)
is there any way to retain the reltime column to the above table after transposing it because i'm getting below output?
| application_list | Status |
| Tab1 | up |
| Tab2 | up |
| Tab3 | up |
| Tab4 | up |
| Tab5 | up |
| reltime | down |
| _time | down |
and i want it like
| application_list | Status | reltime |
| Tab1 | up | x hours ago |
| Tab2 | up | x hours ago |
| Tab3 | up | x hours ago |
| Tab 4 | up | x hours ago |
| Tab 5 | up | x hours go |
below is the whole query:
index = xyz
| table Tab*,_time
| sort - _time | head 1| reltime
| transpose column_name=Application_list | rename 'row 1' as Status
| eval status = if((Status=200),"up","down)
