Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add 2+ level aggregations PPL command #488

Closed
anasalkouz opened this issue Jul 26, 2024 · 0 comments · Fixed by #603
Closed

Add 2+ level aggregations PPL command #488

anasalkouz opened this issue Jul 26, 2024 · 0 comments · Fixed by #603
Assignees
@YANG-DB
Labels
enhancement New feature or request Lang:PPL Pipe Processing Language support

Comments

@anasalkouz
Copy link
Member

anasalkouz commented Jul 26, 2024
edited by YANG-DB
Loading

support multiple level aggregations using stats command:

Let's assume index named logs with the following fields:

  • timestamp: The time of the log event
  • host: The hostname of the machine
  • service: The service name
  • response_time: The response time of the service

Perform a two-level aggregation where:

  • First aggregate the average response_time by host.
  • Then aggregate the average of these average response times by service.
source=logs
   | stats avg(response_time) as avg_response_time by host, service
   | stats avg(avg_response_time) as avg_host_response_time by service

Details:

First Level Aggregation:
The first stats command calculates the average response_time for each host and service combination.

source=logs
   | stats avg(response_time) as avg_response_time by host, service

Second Level Aggregation:
The second stats command then takes the result of the first aggregation and calculates the average of these average response times grouped by service.

   | stats avg(avg_response_time) as avg_host_response_time by service
@anasalkouz anasalkouz converted this from a draft issue Jul 26, 2024
@anasalkouz anasalkouz moved this to Todo in PPL Commands Jul 26, 2024
@anasalkouz anasalkouz added Lang:PPL Pipe Processing Language support enhancement New feature or request and removed untriaged labels Jul 26, 2024
@YANG-DB YANG-DB self-assigned this Aug 21, 2024
@LantaoJin LantaoJin mentioned this issue Aug 28, 2024
Merged
4 tasks
@github-project-automation github-project-automation bot moved this from Todo to Done in PPL Commands Aug 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@YANG-DB YANG-DB

Labels
enhancement New feature or request Lang:PPL Pipe Processing Language support
Projects
PPL Commands
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add UT and IT for 2+ level aggregations PPL command LantaoJin/opensearch-spark
2 participants
@anasalkouz @YANG-DB