This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Conditioning on an aggregated value

Go to solution
ryan-balcerzak
Dynatrace Enthusiast
Dynatrace Enthusiast

‎12 Oct 2023 02:46 PM - edited ‎12 Oct 2023 06:54 PM

I have a question regarding a query using an If() statement.
Query:
fetch logs, scanLimitGBytes: -1
| filter matchesPhrase(content,"*******") OR matchesPhrase(content,"******")
| filter matchesPhrase(content,"*ACCESS")
| parse content, "************-'"
| filter channel != "null"
| summarize count=count(),by:{channel}

Result is screenshot. My question is, my customer wants to add another field such as "isLive" that has the value TRUE, if and only if the count() value is the greatest amount all records. In the example shown, a value of true would appear next to the blue channel because the count() is the maximum among both records. I've been trying this with an if() statement with no results because they cannot contain aggregations. Any ideas of how to accomplish this? Thank you!

 

 

 

 

Labels:
image.png
22 KB
0 Kudos
Reply
2 REPLIES 2

Go to solution
sinisa_zubic
Dynatrace Champion
Dynatrace Champion

‎12 Oct 2023 05:17 PM

hi @ryan-balcerzak 

 

This query should work.

and please check out following youtube video where I explain how the last part of the query is crafted: https://www.youtube.com/watch?v=Lgv5rxlEJ0Q

 

DQL by Use Case - Percentage Distribution
DQL by Use Case - Percentage Distribution
youtube.com/watch?v=Lgv5rxlEJ0Q
In this video, you'll learn to calculate the percentage of data distribution based on business events. Give it a try in this notebook → https://dt-url.net/n903ahd Have a question? You can ask it in our forum → https://dt-url.net/devforum Read more about DQL → https://dt-url.net/DQL-Docs Subscribe
Reply

Go to solution
ryan-balcerzak
Dynatrace Enthusiast
Dynatrace Enthusiast

‎12 Oct 2023 06:55 PM

Here is what the query looked like as a final solution:

fetch logs, scanLimitGBytes: -1

| filter matchesPhrase(content,"*********") OR matchesPhrase(content,"**********")

| filter matchesPhrase(content,"*ACCESS")

| parse content, "*************-'"

| filter channel != "null" | summarize count=count(),by:{channel}

| summarize array = collectArray(record(channel=channel, count=count)), count = collectArray(count)

| fieldsAdd count_max = arrayMax(count)

| expand array

| fields `Channel` = array[channel], `count`=array[count], isLive = if(array[count] == count_max, "🔴")

Reply
Ask a question

Featured Posts