Channel: Questions in topic: "splunk-enterprise"

How to sort dynamic column names by time?

For a data set like this:

    stage=Cstage1 status=h1_status1 host=host1 _time=time1
    stage=Astage2 status=h1_status2 host=host1 _time=time2
    stage=Bstage3 status=h1_status3 host=host1 _time=time3
    ...

I would like to report something like this:

    host   Cstage1     Astage2     Bstage3
    host1  h1_status1  h1_status2  h1_status3
    host2  h2_status1  h2_status2  h2_status3
    ...

It is important that those column names be sorted in time order. If I use the xyseries or chart commands, they list dynamic column names in alphabetical order, i.e.,

    host   Astage2     Bstage3     Cstage2
    host1  h1_status2  h1_status3  h1_status2
    host2  h2_status2  h2_status3  h2_status2
    ...

which looks plain weird and incomprehensible. So far I can only achieve my desired order by manually adding a numeric prefix like

    | eval stage=case(stage="Cstage1", "1-Cstage1", stage="Astage2", "2-Astage2", stage="Bstage3", "3-Bstage3")

Alternatively, I can use `eval {stage}` like

    | eval {stage} = status
    | stats list(Cstage1) list(Astage2) list(Bstage3) by host

This is hard and only works in limited cases. (In the past, I probably used some eval + string tricks to work with more "stages". Still awkward nonetheless.) What is the "proper" way to persuade xyseries or chart to do what I want?
