Calculate a field's value based on the values of other fields

Time: 2019-09-19 12:29:03

Tags: splunk

I have some fields like this:

Group_servers|Name_server|Status
Group1| server1|OK                
Group1| server2|OK  
Group2| server1|OK  
Group2| server1|No data  
Group2| server1|Yellow
Group2| server1|

I would like to get a result like the following:

Group_servers|Status
Group1|OK                
Group1| No data 

The group status is determined by the following conditions:

1. If at least one server in the group has the status "No data" or the field is empty, the status for the group is "No data"
2. If at least one server in the group has the "Yellow" status, the status for the group is "Yellow"
3. If all servers in the group have the status "OK", the status for the group is "OK"

1 answer:

Answer 0: (score: 0)

There are two ways to do this; one may be clearer than the other.

| fillnull value="No data" Status | stats values(Status) as StatusList by Group_servers

will give you something like the following:

Group_servers|StatusList
------------------------
Group1       |OK
------------------------
Group2       |No data
             |Yellow
------------------------

You can then use mvfind to determine which values exist for each group.

| fillnull value="No data" Status | stats values(Status) as StatusList by Group_servers | eval Status=if(isnotnull(mvfind(StatusList,"No data")),"No data",if(isnotnull(mvfind(StatusList,"Yellow")),"Yellow","OK"))

Alternatively, you can do the following, which simply assigns a numeric score to each status and then takes the minimum for each group.

| eval status_code=case(Status="OK",2, Status="Yellow",1,1==1,0) | stats min(status_code) as min_status_code by Group_servers | eval Status=case(min_status_code=2,"OK",min_status_code=1,"Yellow",1==1,"No data")
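
A run-anywhere version of the scoring approach above, added here as an example and not part of the original answer. `makeresults` builds constructed sample rows in a field named `constructed_sample` (that field name and the server names are assumptions), including one row whose Status is blank. The catch-all `true()` branch scores that row 0 whether Splunk treats it as null or as an empty string, whereas `fillnull` only replaces null values.

```spl
| makeresults
| eval constructed_sample="Group1,server1,OK;Group1,server2,OK;Group2,server1,OK;Group2,server2,No data;Group2,server3,Yellow;Group2,server4,"
| makemv delim=";" constructed_sample
| mvexpand constructed_sample
| eval parts=split(constructed_sample, ",")
| eval Group_servers=mvindex(parts, 0)
| eval Name_server=mvindex(parts, 1)
| eval Status=trim(mvindex(parts, 2))
| eval status_code=case(Status="OK", 2, Status="Yellow", 1, true(), 0)
| stats min(status_code) as min_status_code by Group_servers
| eval Status=case(min_status_code=2, "OK", min_status_code=1, "Yellow", true(), "No data")
| table Group_servers Status
```

To apply it to real events, drop everything up to and including the `trim` line and pipe your own search into the `status_code` eval.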