- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| ID | curr_row | comparison_result |
| 19 | Turn on | equal |
| 19 | 1245 | equal |
| 19 | 1245 | equal |
| 19 | 1245 | equal |
| 19 | 1245 | equal |
| 19 | 1245 | equal |
| 19 | 1245 | equal |
| 20 | Turn on | not equal |
| 20 | 7656 | equal |
| 20 | 7690 | not equal |
| 20 | 8783 | equal |
For the above table, whenever a comparison_result column value is equal to "not equal", it should copy the corresponding whole row value and insert before that row by changing curr_row value alone to "Turn on" without using mvexpand command. I have tried with mvexpand query, memory issue was there.
Mvexpand query:
| eval row=if(comparison_result=="not equal" AND curr_row!="Turn on",mvrange(0,2),null()) | mvexpand row | eval curr_row=if(row==0,"Turn on",curr_row) | fields - row
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stats command will give you better performance over mvexpand and memory limitation issues. Please check below sample search and try to design your search as per requirement.
| makeresults
| eval _raw="ID curr_row comparison_result
19 Turn on equal
19 1245 equal
19 1245 equal
19 1245 equal
19 1245 equal
19 1245 equal
19 1245 equal
20 Turn on not equal
20 7656 equal
20 7690 not equal
20 8783 equal"
| multikv forceheader=1
| table ID curr_row comparison_result
| rename comment as "Upto now is data generation logic only"
| eval a=1 | accum a
| eval row=if(comparison_result=="not equal" AND curr_row!="Turn on",mvrange(0,2)," ")
| stats c by a ID curr_row comparison_result row
| sort a
| eval curr_row=if(row==0,"Turn on",curr_row)
| table ID curr_row comparison_result
I hope this will help you.
Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stats command will give you better performance over mvexpand and memory limitation issues. Please check below sample search and try to design your search as per requirement.
| makeresults
| eval _raw="ID curr_row comparison_result
19 Turn on equal
19 1245 equal
19 1245 equal
19 1245 equal
19 1245 equal
19 1245 equal
19 1245 equal
20 Turn on not equal
20 7656 equal
20 7690 not equal
20 8783 equal"
| multikv forceheader=1
| table ID curr_row comparison_result
| rename comment as "Upto now is data generation logic only"
| eval a=1 | accum a
| eval row=if(comparison_result=="not equal" AND curr_row!="Turn on",mvrange(0,2)," ")
| stats c by a ID curr_row comparison_result row
| sort a
| eval curr_row=if(row==0,"Turn on",curr_row)
| table ID curr_row comparison_result
I hope this will help you.
Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you @kamlesh_vaghela . It works as expected
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
