status
success
failure
error
I want output like
status status 1 status2
success failure error
@skodak
you can use eval to split the field values
eval status1=if(like(status, "%failure%"), status, NULL), status2 = if(like(status, "%error%"), status, NULL), status=if(like(status, "%success%"), status, NULL)
Hope this helps
View solution in original post
Thank you. This helped me to resolve the issue.
| makeresults | eval _raw="status success success failure failure error error" | multikv forceheader=1 | table status | rename COMMENT as "the logic" | streamstats dc(status) as session | eval session="status".session | stats list(status) as vstatus by session | eval {session} = vstatus | stats list(status*) as status*
