I would like to display some data that has columns based on dynamic data from the search results.
e.g. Assuming I have a query to calculate which two servers have the most users logging into them. I can write a query to give me the data in the form of:
Date | ServerWithMostLogins | ServerWithSecondToMostLogins
However, rather than calling the columns `ServerWithMostLogins`, I'd rename the column to the server's name.
I know I can use something like ` | eval {ServerName} ` but then I don't think I would be able to run `stats` over that column.
Is this possible?
Edit, for example, say I have this data in my search result:
Date=Today UserName=user1 ServerLoggedInto=Server23
Date=Today UserName=user45 ServerLoggedInto=Server33
Date=Today UserName=user11 ServerLoggedInto=Server23
Date=Today UserName=user11 ServerLoggedInto=Server23
etc
What I would like is to display which 2 servers have the most logins:
| Date | Server23 | Server 33 |
+---------+----------+-----------+
| Today | 3 | 1 |
I get most of this, the thing currently stumping me is how to get the ServerName as the column name.
↧