Hi Guys,
Please help with this below scenario.
I have events like this
Now I want to take the events has a "success" status. Here I need to display the results in the same format which mentioned in the snapshot.
I tried with below query but it's not giving me the correct data
|<base_query>
|stats earliest(status) AS earliest_state,latest(_time) latest(status) AS latest_state BY Name_Of_the_Job |eval job_status=if(earliest_state="SUCCESS","SUCCESS","FAIL") |table host, Application_name, Job_name, job_duration, _time, status
Thanks in advance
... View more