I have a search command and it return below results:
[mysearch]|dedup version|fields version
version
11
22
33
44
I would like to create another field which its values are in reverse order of version as below, how can I do in search command?
version reverse_version
11 44
22 33
33 22
44 11
Have you looked at the sort
search command? Not good enough?
If you really want to have original order and reverse order in separate columns in the same table, then you'll have to look at appendcols
;
<your base search> | appendcols [search <your base search>| rename version as rev_version| sort -rev_version]
a faster way would be appendpipe
, but your table would be skewed;
<your base search> | appendpipe [rename version as rev_version| sort -rev_version]
Hope this helps..
Kristian
Have you looked at the sort
search command? Not good enough?
If you really want to have original order and reverse order in separate columns in the same table, then you'll have to look at appendcols
;
<your base search> | appendcols [search <your base search>| rename version as rev_version| sort -rev_version]
a faster way would be appendpipe
, but your table would be skewed;
<your base search> | appendpipe [rename version as rev_version| sort -rev_version]
Hope this helps..
Kristian
yeah, well, that stats
command is part of what I meant with <your base search>
.
However, you'll be running the same search twice, both in the outer and inner search (i.e. the subsearch).
The second option, appendpipe
, operates on the results from first search, which - at least in this case - is a very small set of data (4 events).
Thanks Kristian, the first search command is working!
And I have to add the stats command as below: