Maybe this will fix conflict merges

Signed-off-by: keithhc2 <keithhc2@users.noreply.github.com>
This commit is contained in:
keithhc2 2021-11-16 15:59:00 -08:00
parent 748bb26360
commit 9f24ce4aa4
1 changed files with 59 additions and 59 deletions

View File

@ -47,7 +47,7 @@ search source=accounts;
| account_number | firstname | address | balance | gender | city | employer | state | age | email | lastname | | account_number | firstname | address | balance | gender | city | employer | state | age | email | lastname |
:--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :---
| 1 | Amber | 880 Holmes Lane | 39225 | M | Brogan | Pyrami | IL | 32 | amberduke@pyrami.com | Duke | 1 | Amber | 880 Holmes Lane | 39225 | M | Brogan | Pyrami | IL | 32 | amberduke@pyrami.com | Duke
| 6 | Hattie | 671 Bristol Street | 5686 | M | Dante | Netagy | TN | 36 | hattiebond@netagy.com | Bond | 6 | Hattie | 671 Bristol Street | 5686 | M | Dante | Netagy | TN | 36 | hattiebond@netagy.com | Bond
| 13 | Nanette | 789 Madison Street | 32838 | F | Nogal | Quility | VA | 28 | null | Bates | 13 | Nanette | 789 Madison Street | 32838 | F | Nogal | Quility | VA | 28 | null | Bates
| 18 | Dale | 467 Hutchinson Court | 4180 | M | Orick | null | MD | 33 | daleadams@boink.com | Adams | 18 | Dale | 467 Hutchinson Court | 4180 | M | Orick | null | MD | 33 | daleadams@boink.com | Adams
@ -57,7 +57,7 @@ search source=accounts;
To get all documents from the `accounts` index that have either `account_number` equal to 1 or have `gender` as `F`: To get all documents from the `accounts` index that have either `account_number` equal to 1 or have `gender` as `F`:
```sql ```sql
search source=accounts account_number=1 or gender="F"; search source=accounts account_number=1 or gender=\"F\";
``` ```
| account_number | firstname | address | balance | gender | city | employer | state | age | email | lastname | | account_number | firstname | address | balance | gender | city | employer | state | age | email | lastname |
@ -79,8 +79,8 @@ Field | Description | Type | Required | Default
:--- | :--- |:--- |:--- |:--- :--- | :--- |:--- |:--- |:---
`int` | Retain the specified number of duplicate events for each combination. The number must be greater than 0. If you do not specify a number, only the first occurring event is kept and all other duplicates are removed from the results. | `string` | No | 1 `int` | Retain the specified number of duplicate events for each combination. The number must be greater than 0. If you do not specify a number, only the first occurring event is kept and all other duplicates are removed from the results. | `string` | No | 1
`keepempty` | If true, keep the document if any field in the field list has a null value or a field missing. | `nested list of objects` | No | False `keepempty` | If true, keep the document if any field in the field list has a null value or a field missing. | `nested list of objects` | No | False
`consecutive` | If true, remove only consecutive events with duplicate combinations of values. | No | False | - `consecutive` | If true, remove only consecutive events with duplicate combinations of values. | `Boolean` | No | False
`field-list` | Specify a comma-delimited field list. At least one field is required. | Yes | - | - `field-list` | Specify a comma-delimited field list. At least one field is required. | `String` or comma-separated list of strings | Yes | -
*Example 1*: Dedup by one field *Example 1*: Dedup by one field
@ -90,7 +90,7 @@ To remove duplicate documents with the same gender:
search source=accounts | dedup gender | fields account_number, gender; search source=accounts | dedup gender | fields account_number, gender;
``` ```
| account_number | gender | account_number | gender
:--- | :--- | :--- | :--- |
1 | M 1 | M
13 | F 13 | F
@ -104,7 +104,7 @@ To keep two duplicate documents with the same gender:
search source=accounts | dedup 2 gender | fields account_number, gender; search source=accounts | dedup 2 gender | fields account_number, gender;
``` ```
| account_number | gender | account_number | gender
:--- | :--- | :--- | :--- |
1 | M 1 | M
6 | M 6 | M
@ -145,7 +145,7 @@ To remove duplicates of consecutive documents:
search source=accounts | dedup gender consecutive=true | fields account_number, gender; search source=accounts | dedup gender consecutive=true | fields account_number, gender;
``` ```
| account_number | gender | account_number | gender
:--- | :--- | :--- | :--- |
1 | M 1 | M
13 | F 13 | F
@ -176,9 +176,9 @@ search source=accounts | eval doubleAge = age * 2 | fields age, doubleAge;
| age | doubleAge | age | doubleAge
:--- | :--- | :--- | :--- |
32 | 64 32 | 64
36 | 72 36 | 72
28 | 56 28 | 56
33 | 66 33 | 66
*Example 2*: Overwrite the existing field *Example 2*: Overwrite the existing field
@ -191,10 +191,10 @@ search source=accounts | eval age = age + 1 | fields age;
| age | age
:--- | :--- |
| 33 | 33
| 37 | 37
| 29 | 29
| 34 | 34
*Example 3*: Create a new field with a field defined with the `eval` command *Example 3*: Create a new field with a field defined with the `eval` command
@ -206,19 +206,19 @@ search source=accounts | eval doubleAge = age * 2, ddAge = doubleAge * 2 | field
| age | doubleAge | ddAge | age | doubleAge | ddAge
:--- | :--- | :--- | :--- |
| 32 | 64 | 128 | 32 | 64 | 128
| 36 | 72 | 144 | 36 | 72 | 144
| 28 | 56 | 112 | 28 | 56 | 112
| 33 | 66 | 132 | 33 | 66 | 132
## fields ## fields
Use the `field` command to keep or remove fields from a search result. Use the `fields` command to keep or remove fields from a search result.
### Syntax ### Syntax
```sql ```sql
field [+|-] <field-list> fields [+|-] <field-list>
``` ```
Field | Description | Required | Default Field | Description | Required | Default
@ -234,11 +234,11 @@ To get `account_number`, `firstname`, and `lastname` fields from a search result
search source=accounts | fields account_number, firstname, lastname; search source=accounts | fields account_number, firstname, lastname;
``` ```
| account_number | firstname | lastname | account_number | firstname | lastname
:--- | :--- | :--- | :--- |
| 1 | Amber | Duke | 1 | Amber | Duke
| 6 | Hattie | Bond | 6 | Hattie | Bond
| 13 | Nanette | Bates | 13 | Nanette | Bates
| 18 | Dale | Adams | 18 | Dale | Adams
*Example 2*: Remove specified fields from a search result *Example 2*: Remove specified fields from a search result
@ -251,10 +251,10 @@ search source=accounts | fields account_number, firstname, lastname | fields - a
| firstname | lastname | firstname | lastname
:--- | :--- | :--- | :--- |
| Amber | Duke | Amber | Duke
| Hattie | Bond | Hattie | Bond
| Nanette | Bates | Nanette | Bates
| Dale | Adams | Dale | Adams
## rename ## rename
@ -281,9 +281,9 @@ search source=accounts | rename account_number as an | fields an;
| an | an
:--- | :--- |
| 1 | 1
| 6 | 6
| 13 | 13
| 18 | 18
*Example 2*: Rename multiple fields *Example 2*: Rename multiple fields
@ -296,10 +296,10 @@ search source=accounts | rename account_number as an, employer as emp | fields a
| an | emp | an | emp
:--- | :--- | :--- | :--- |
| 1 | Pyrami | 1 | Pyrami
| 6 | Netagy | 6 | Netagy
| 13 | Quility | 13 | Quility
| 18 | null | 18 | null
## sort ## sort
@ -327,9 +327,9 @@ search source=accounts | sort age | fields account_number, age;
| account_number | age | | account_number | age |
:--- | :--- | :--- | :--- |
| 13 | 28 | 13 | 28
| 1 | 32 | 1 | 32
| 18 | 33 | 18 | 33
| 6 | 36 | 6 | 36
*Example 2*: Sort by one field and return all results *Example 2*: Sort by one field and return all results
@ -342,9 +342,9 @@ search source=accounts | sort 0 age | fields account_number, age;
| account_number | age | | account_number | age |
:--- | :--- | :--- | :--- |
| 13 | 28 | 13 | 28
| 1 | 32 | 1 | 32
| 18 | 33 | 18 | 33
| 6 | 36 | 6 | 36
*Example 3*: Sort by one field in descending order *Example 3*: Sort by one field in descending order
@ -357,9 +357,9 @@ search source=accounts | sort - age | fields account_number, age;
| account_number | age | | account_number | age |
:--- | :--- | :--- | :--- |
| 6 | 36 | 6 | 36
| 18 | 33 | 18 | 33
| 1 | 32 | 1 | 32
| 13 | 28 | 13 | 28
*Example 4*: Specify the number of sorted documents to return *Example 4*: Specify the number of sorted documents to return
@ -372,8 +372,8 @@ search source=accounts | sort 2 age | fields account_number, age;
| account_number | age | | account_number | age |
:--- | :--- | :--- | :--- |
| 13 | 28 | 13 | 28
| 1 | 32 | 1 | 32
*Example 5*: Sort by multiple fields *Example 5*: Sort by multiple fields
@ -385,9 +385,9 @@ search source=accounts | sort + gender, - age | fields account_number, gender, a
| account_number | gender | age | | account_number | gender | age |
:--- | :--- | :--- | :--- | :--- | :--- |
| 13 | F | 28 | 13 | F | 28
| 6 | M | 36 | 6 | M | 36
| 18 | M | 33 | 18 | M | 33
| 1 | M | 32 | 1 | M | 32
## stats ## stats
@ -438,7 +438,7 @@ search source=accounts | stats avg(age) by gender;
| gender | avg(age) | gender | avg(age)
:--- | :--- | :--- | :--- |
| F | 28.0 | F | 28.0
| M | 33.666666666666664 | M | 33.666666666666664
*Example 3*: Calculate the average and sum of a field by group *Example 3*: Calculate the average and sum of a field by group
@ -451,7 +451,7 @@ search source=accounts | stats avg(age), sum(age) by gender;
| gender | avg(age) | sum(age) | gender | avg(age) | sum(age)
:--- | :--- | :--- | :--- |
| F | 28 | 28 | F | 28 | 28
| M | 33.666666666666664 | 101 | M | 33.666666666666664 | 101
*Example 4*: Calculate the maximum value of a field *Example 4*: Calculate the maximum value of a field
@ -464,7 +464,7 @@ search source=accounts | stats max(age);
| max(age) | max(age)
:--- | :--- |
| 36 | 36
*Example 5*: Calculate the maximum and minimum value of a field by group *Example 5*: Calculate the maximum and minimum value of a field by group
@ -476,7 +476,7 @@ search source=accounts | stats max(age), min(age) by gender;
| gender | min(age) | max(age) | gender | min(age) | max(age)
:--- | :--- | :--- | :--- | :--- | :--- |
| F | 28 | 28 | F | 28 | 28
| M | 32 | 36 | M | 32 | 36
## where ## where
@ -498,12 +498,12 @@ Field | Description | Required
To get all documents from the `accounts` index where `account_number` is 1 or gender is `F`: To get all documents from the `accounts` index where `account_number` is 1 or gender is `F`:
```sql ```sql
search source=accounts | where account_number=1 or gender="F" | fields account_number, gender; search source=accounts | where account_number=1 or gender=\"F\" | fields account_number, gender;
``` ```
| account_number | gender | account_number | gender
:--- | :--- | :--- | :--- |
| 1 | M | 1 | M
| 13 | F | 13 | F
## head ## head
@ -573,7 +573,7 @@ search source=accounts | rare gender;
| gender | gender
:--- | :--- |
| F | F
| M | M
*Example 2*: Find the least common values grouped by gender *Example 2*: Find the least common values grouped by gender
@ -586,7 +586,7 @@ search source=accounts | rare age by gender;
| gender | age | gender | age
:--- | :--- | :--- | :--- |
| F | 28 | F | 28
| M | 32 | M | 32
| M | 33 | M | 33
@ -616,7 +616,7 @@ search source=accounts | top gender;
| gender | gender
:--- | :--- |
| M | M
| F | F
*Example 2*: Find the most common value in a field *Example 2*: Find the most common value in a field
@ -629,7 +629,7 @@ search source=accounts | top 1 gender;
| gender | gender
:--- | :--- |
| M | M
*Example 2*: Find the most common values grouped by gender *Example 2*: Find the most common values grouped by gender
@ -641,5 +641,5 @@ search source=accounts | top 1 age by gender;
| gender | age | gender | age
:--- | :--- | :--- | :--- |
| F | 28 | F | 28
| M | 32 | M | 32