Open YANG-DB opened 4 weeks ago
@YANG-DB @vamsi-amazon
So I am not exactly sure what the scope of this issue is because example 2+3 can be already executed successfully. Example 3 can be executed when rewritten as CASE like ´stats sum(case(device-id = 'value1', 1, device-name = 'value2',2 else 1))`
@salyh I've assigned this task to @LantaoJin thanks for all your help !
High level Review
The OpenSearch Piped Processing Language (PPL) currently lacks some advanced statistical aggregation capabilities similar to those provided by the
eventstats
command in Splunk Search Processing Language (SPL). This feature request proposes adding new functions and syntax to PPL to enable statistical calculations and aggregations on event data.Proposed Functionality:
Aggregate statistical calculations:
sum
,count
,min
,max
,avg
, etc., on specific fields or expressions.Conditional aggregations:
Chaining and nesting:
eventstats
commands can be chained in SPL.Integration with existing PPL syntax:
Examples: