Timelion: Making expression independent of field values (Use of condition() and first())

Hi,

Fields of my index in which I'm interested in are method and status, both are of type string.
method can take from dozens of different values.
status can be "success", "pending" or "failure".

I want to plot success rate ( #success/total count) for top 10 methods based on count.
Expression for success rate for a particular method, say a can be as follow:

.es(q='method:a AND status:success', method=count).divide(.es(q='method:a'))

Using comma separated expressions, I'll have some more method's success rate plotted on the same graph. But, they'll not be for top 10 fields.

The only other way I could think of uses lots of conditionals:

.es(q='status:success', split='method:10').if(eq, .es(q='status:success AND method:a'), .es(q='status:success AND method:a').divide(.es(q='method:a'))).if(eq, .es(q='status:success AND method:b'), .es(q='status:success AND method:b').divide(.es(q='method:b'))).   ... and so on for all method values.

My understanding is, use of first() can shorten the above query, by substituting it as a numerator for divisions in conditionals. But, I guess use of first() in expressions is not allowed. Right? Is there any other alternative to first()?

Is there a way to make this query independent of method values?

Are you looking for something like this?

And yes, first() is only an internal function.

@Marius_Dragomir Yes. I need a function which can infer which split-series is the input series, and I don't have to write conditionals for every value of a split field.

For now, a +1 is pretty much what you can do here, the more people that ask for it, the higher up it goes in the priority list.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.