Querying Humio (LogScale) - humio

I'm trying to create this query for Humio and can't figure out the syntax I need.
I want to use the regex() function on fieldA, put its result in a new field RESULT and then look for RESULT inside the text of fieldB.
I tried something like:
regex(regex="...(?<RESULT>...)...", field=fieldA)
| in(field=fieldB, values=[*RESULT*])
but I can only pass free text to the value of the in() function.
How can I pass the value of the new field?

Related

Remove specific value from Map<String,Object> object

This is my code:
Map<String,Object> map
The **map** object has a value like this:
{id=123, type=V, bn={type=P, value=MCD}, s=[{type=p, dsId=udi, s={type=p, value=SM}, value=55}, {type=P, dsId=psg, s={type=P, value=GPS}, value=11}, {type=P, source={type=P, value=CAMM}, value=10}]}
I want to remove some specific values from this Map, so my
desired output should be like this:
{id=123, type=V, bn=MCD, s=[{dsId=udi, s={value=SM}, value=55}, { dsId=psg, s={value=GPS}, value=11}, {source={value=CAMM}, value=10}]}
So the Map<String,Object> map representation should be like the code above.
Here I want to do response optimization, so please help me with how to do this.

How to call tabular function inside the for loop

I have one table with 3 columns.
id
start
end
I am applying one function on the table, a function with 3 arguments.
Ex: Function1(id,start,end)
This function works when I pass static values to it, but I want to run this function on the full table.
How to do this?
This is my use case, actually:
datatable(id:string, start:string,end:string)
[
'Z213',datetime(2021-08-06T02:12:37.1597030Z),datetime(2021-08-06T17:37:21.8962890Z),
'Z213',datetime(2021-08-06T00:00:25.7896310Z),datetime(2021-08-06T01:59:50.1172850Z),
'Z213',datetime(2021-08-06T02:04:37.1243340Z),datetime(2021-08-06T02:12:37.1352020Z),
'Z213',datetime(2021-08-06T17:45:19.7289570Z),datetime(2021-08-06T23:56:44.8047730Z),
'Z213',datetime(2021-08-06T17:43:23.7238020Z),datetime(2021-08-06T17:43:28.7256000Z),
'Z213',datetime(2021-08-06T02:04:17.1238770Z),datetime(2021-08-06T02:04:24.1256730Z),
'Z213',datetime(2021-08-06T02:02:15.1199760Z),datetime(2021-08-06T02:02:15.1204780Z),
]
|invoke function1('Z213',datetime(2021-08-06T02:12:37.1597030Z),datetime(2021-08-06T17:37:21.8962890Z))
So when I pass this 1st row, it works fine,
but I want to do this like
|invoke Function (id,start,end)
Take a look at the tabular functions; here is an example:
let append_to_column_a=(T:(a:string), what:string) {
T | extend a=strcat(a, " ", what)
};
datatable (a:string) ["sad", "really", "sad"]
| invoke append_to_column_a(":-)")

Is there a way to iterate over a table value in Lua?

I have the following table in Lua:
local a = {orszag = {"Ausztria", "Albánia", "Azerbajdzsán"}, varos = {"Ankara", "Amszterdam", "Antwerpen"}, fiu = {"Arnold", "Andor", "Albert"}, lany = {"Anna", "Anasztázia", "Amanda"}}
I would like to do the following:
for i in a["orszag"] do etc. (for example compare all the words in the value to the user input)
But when I do so I get the following: attempt to call a table value.
So I know, it works in python for example, but is it possible somehow to do this in Lua as well?
Use
for k,v in pairs(a["orszag"]) do

Update dictionary key inside list using map function -Python

I have a dictionary of phone numbers where number is Key and country is value. I want to update the key and add country code based on value country. I tried to use the map function for this:
print('**Exmaple: Update phone book to add Country code using map function** ')
user=[{'952-201-3787':'US'},{'952-201-5984':'US'},{'9871299':'BD'},{'01632 960513':'UK'}]
#A function that takes a dictionary as arg, not list. List is the outer part
def add_Country_Code(aDict):
    for k,v in aDict.items():
        if(v == 'US'):
            aDict[( '1+'+k)]=aDict.pop(k)
        if(v == 'UK'):
            aDict[( '044+'+k)]=aDict.pop(k)
        if (v == 'BD'):
            aDict[('001+'+k)] =aDict.pop(k)
    return aDict
new_user=list(map(add_Country_Code,user))
print(new_user)
This works partially when I run it; output below:
[{'1+952-201-3787': 'US'}, {'1+1+1+952-201-5984': 'US'}, {'001+9871299': 'BD'}, {'044+01632 960513': 'UK'}]
Notice the 2nd US number has 2 additional 1s. What is causing that? How to fix? Thanks a lot.
Issue
You are mutating a dict while iterating it. Don't do this. The Pythonic convention would be:
1. Make a new_dict = {}
2. While iterating the input a_dict, assign new items to new_dict.
3. Return the new_dict
IOW, create new things, rather than change old things - likely the source of your woes.
Some notes
- Use lowercase with underscores when defining variable names (see PEP 8).
- Lookup values rather than change the input dict, e.g. a_dict[k] vs. a_dict.pop(k)
- Indent the correct number of spaces (see PEP 8)
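The steps in the answer above, applied to the question's phone book, as an added example that is not part of the original answer. The names `COUNTRY_PREFIX`, `add_country_code` and `add_country_codes` are assumptions; the prefix values are the ones in the question's code.

```python
# Prefix values copied from the question's code; the table name is an assumption.
COUNTRY_PREFIX = {"US": "1+", "UK": "044+", "BD": "001+"}


def add_country_code(a_dict):
    """Return a new dict whose keys carry the country prefix.

    The input dict is only read, never modified, so the loop cannot
    revisit a key it has just inserted (the cause of '1+1+1+...').
    """
    new_dict = {}
    for number, country in a_dict.items():
        # A country with no known prefix keeps its number unchanged.
        prefix = COUNTRY_PREFIX.get(country, "")
        new_dict[prefix + number] = country
    return new_dict


def add_country_codes(users):
    """Apply add_country_code to every dict in the list, returning a new list."""
    return [add_country_code(entry) for entry in users]


# Sample data from the question.
user = [{'952-201-3787': 'US'}, {'952-201-5984': 'US'},
        {'9871299': 'BD'}, {'01632 960513': 'UK'}]

if __name__ == "__main__":
    print(add_country_codes(user))
    # The original list is untouched, so a second call gives the same result.
    print(add_country_codes(user))
```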

cts search to test if the element is not available

Below is the XML structure where I want to get the entries for which element co:isbn is not available:-
<tr:trackingRecord xmlns:tr="https://www.mla.org/Schema/Tracking/tr"
                   xmlns:co="https://www.mla.org/Schema/commonModule/co"
                   xmlns:r="http://www.rsuitecms.com/rsuite/ns/metadata">
  <tr:journal>
    <tr:trackingDetails>
      <tr:entry>
        <co:trackingEntryID>2015323313</co:trackingEntryID>
        <co:publicationDate>2015</co:publicationDate>
        <co:volume>21</co:volume>
      </tr:entry>
      <tr:entry>
        <co:trackingEntryID>2015323314</co:trackingEntryID>
        <co:publicationDate>2015</co:publicationDate>
        <co:isbn>
          <co:entry>NA</co:entry>
          <co:value>1234567890128</co:value>
        </co:isbn>
      </tr:entry>
      <tr:entry>
        <co:trackingEntryID>2015323315</co:trackingEntryID>
        <co:publicationDate>2015</co:publicationDate>
        <co:volume>21</co:volume>
        <co:isbn></co:isbn>
      </tr:entry>
      <tr:entry>
        <co:trackingEntryID>2015323316</co:trackingEntryID>
        <co:publicationDate>2015</co:publicationDate>
        <co:volume>21</co:volume>
      </tr:entry>
    </tr:trackingDetails>
  </tr:journal>
</tr:trackingRecord>
Please suggest the cts:query for the same.
If you can edit the XML structure, add one attribute to the entry element, like
<tr:entry isbnPresent="yes"> for isbn present,
<tr:entry isbnPresent="no"> for isbn absent
and based on this field, fire a search with
cts:element-attribute-value
on it.
OR
without editing the schema, try something like:
for $i in cts:search(//tr:entry,"2015")
return if(fn:exists($i//co:isbn)) then () else $i
