Feature Request: support "as" parameter on collect()

[deejgregor]

In a groupBy, I want to be able to both collect() a field, but also do tail(1) so I can get the most recent event (so I can report on some other fields, like OS version, customer, etc. that don't change often, so I only need it from one event). E.g.:

segfault | groupby(uid, function=[count(), collect(msg), tail(1)]) | sort(_count)

But when I do that, I get:

Warning: Two fields in the query have the same name. In this case events both have the field msg but different values. This can happen if you forgot to specify the as parameter of a function. If you are for example using two max functions in a groupBy you would have to specify the as to distinguish between the values. E.g. groupBy(host, function=[max(lag, as=lag), max(jitter, as=jitter)]).

And also, my collect(msg) results are gone (but hey, at least the query worked!).

I guess I could collect() each field that I care about and they usually don't change, but most often, I really just want the most recent one, and "tail(1)" is a nice way to get that if I could also do "collect(msg, as=all_msgs)" or something like that.

• Humio Version: 1.16.1--build-317499148--sha-b85e0999d910579cf934b7190cdb5f3c4fa0064f

[SaaldjorMike]

Hi @deejgregor. This repository is not longer being actively maintained, see the notice in the readme:

This repo is no longer being actively maintained. Moving forward, we ask that you please report bugs and make and feature requests via our support desk at support@humio.com.

[deejgregor]

Thanks, @SaaldjorMike. I have opened up tickets here in the past and skipped right past the page that shows the README. Email sent to support@humio.com and closing this issue.