根据其他字段的值计算一个字段的值

Question

我有一些这样的字段：

Group_servers|Name_server|Status**
Group1| server1|OK                
Group1| server2|OK  
Group2| server1|OK  
Group2| server1|No data  
Group2| server1|Yellow
Group2| server1|

我想得到如下所示的结果

Group_servers|Status
Group1|OK                
Group1| No data 

状态组的形成条件如下：

1. If at least one server in the group has the status "No data" or the field is empty, the status for the group is " No data" 
2. If at least one server in the group has the "Yellow" status, the status for the group is " Yellow"
3. If all servers in the group have the status "OK", the status for the group is " OK"

Answer 1

这里有两种方法，一种可能比另一种更清楚

| fillnull value="No data" Status | stats values(Status) as StatusList by Group_servers 会给你类似下面的东西

Group_servers|StatusList
------------------------
Group1       |OK
------------------------
Group2       |No data
             |Yellow
------------------------

然后您可以使用mvfind 来确定每个组的值。

| fillnull value="No data" Status | stats values(Status) as StatusList by Group_servers | eval Status=if(isnotnull(mvfind(StatusList,"No data")),"NoData",( isnotnull(mvfind(StatusList,"Yellow")),"Yellow","OK"))

作为替代方案，您可以执行以下操作，只需为每个状态分配一个数字分数，然后获取每个组的最小值。

eval status_code=case(Status="OK",2, Status="Yellow",1,1==1,0) | stats min(status_code) as min_status_code by Group_servers | eval Status=case(min_status_code=2,"OK",min_status_code=1,"Yellow",1==1,"No data")