I need to return the earliest login time per day for a single username. However, some returns do not match the login from that date. Query below:
index=app_redacted_int_* sourcetype="redacted" SessionState="Active" UserName=ABCDE123
| rex field=UserRealName "(?<IDNUM>\d+$)"
| bucket _time span=1d as day
| eval day=strftime(_time,"%F")
| stats earliest(SessionStateChangeTime) as SesssionStateChangeTime by day IDNUM UserRealName UserName
Results:
day IDNUM UserRealName UserName SessionStateChangeTime
2020-07-23 123 John Smith ABCDE123 7/22/2020 09:48:52
2020-07-24 123 John Smith ABCDE123 7/23/2020 12:47:13
2020-07-25 123 John Smith ABCDE123 7/24/2020 07:23:01
2020-07-27 123 John Smith ABCDE123 7/27/2020 07:54:34
2020-07-28 123 John Smith ABCDE123 7/27/2020 07:54:34
2020-07-29 123 John Smith ABCDE123 7/28/2020 07:32:04
As you can see, some days are returning their earliest login as a login from the previous day. I need the dates on the left side and the right side to be matching, and I need this all together in one query, I already know how to do it one query at a time. Thanks for taking your time to help! It is greatly appreciated!
It would appear that on those dates you've binned, the earliest login time was from an earlier day
It appears you've conflated multiple dates in the data into expecting them to be "the same"
I would strongly suspect that SesssionStateChangeTime is not the field you want to look at - at least, not in the manner you're trying to now
Related
I've got a table where we have registries of employees and where they have worked. In each row, we have the employee's starting date on that place. It's something like this:
Employee ID
Name
Branch
Start Date
1
John Doe
234
2018-01-20
1
John Doe
300
2019-03-20
1
John Doe
250
2022-01-19
2
Jane Doe
200
2019-02-15
2
Jane Doe
234
2020-05-20
I need a query where the data returned looks for the next value, making the starting date on the next branch as the end of the current. Eg:
Employee ID
Name
Branch
Start Date
End Date
1
John Doe
234
2018-01-20
2019-03-20
1
John Doe
300
2019-03-20
2022-01-19
1
John Doe
250
2022-01-19
---
2
Jane Doe
200
2019-02-15
2020-05-20
2
Jane Doe
234
2020-05-20
---
When there is not another register, we assume that the employee is still working on that branch, so we can leave it blank or put a default "9999-01-01" value.
Is there any way we can achieve a result like this using only SQL?
Another approach to my problem would be a query that returns only the row that is in a range. For example, if I look for what branch John Doe worked in 2020-12-01, the query should return the row that shows the branch 300.
You can use LEAD() to peek at the next row, according to a subgroup and ordering within it.
For example:
select
t.*,
lead(start_date) over(partition by employee_id order by start_date) as end_date
from t
I have table like this. This is a record of consultant done activity for aftercare when some new candidate starts a job.I have built a report to compare if aftercare is done on time or not. in the report it start showing 3 days ago that aftercare is due on this date. But some consultants do aftercare before or after and also on date which is correct. I am fetching MIN aftercaredone date to check and compare with the aftercare due date and shows in the report if it is correct like below.
MIN(case when DESCRIPTION='Aftercare Pre Start' then DUEDATECONCAND end) DUEDATEPreStart hin
But my min date logic fails here. Actually I like to pick up all aftercaredone dates and compare with aftercareduedate . If any date falls within required period then should show report result correct otherwise fails. I mean if someone did aftercare within 3 days difference from AFtercareduedate then should show correct or otherwise in query it should show N(means not done). And also I need to exclude weekends.
ConsultantID CandiateID candidateNAME AfterCareDueDate AftercareDone
123 1 Bob 01/02/2019 20/02/2019
123 1 Bob 01/02/2019 01/02/2019
123 1 Bob 01/02/2019 07/02/2019
100 2 Rob 01/02/2019 01/02/2019
100 2 Rob 01/02/2019 10/02/2019
200 3 ABC 01/02/2019 20/01/2019
I have a table that looks like this:
id | flight_number | departure_time | arrival_time
---+---------------+----------------+-------------
1 | UAL123 | 07:00:00 | 08:30:00
---+---------------+----------------+-------------
2 | AAL456 | 07:30:00 | 08:40:00
---+---------------+----------------+-------------
3 | SWA789 | 07:45:00 | 09:10:00
I'm trying to figure out an SQL query that can get upcoming flights based on departure time given the current time. For instance, at 07:20, I would like to return AAL456, SWA789 since those flights have not departed yet. At 07:40, I would like to just return SWA789. What is a good way to do this?
Well, you can use LOCALTIME to get the current time. So, if the departure_time is stored as a time, then:
select t.*
from t
where t.departure_time > localtime;
This assumes no time zone information is part of the time value. Also, it will return no flights after the last flight has departed for a day (which is consistent with the phrasing of your question).
This is similar to some other questions here, but those use a CASE which I cannot. This is on Oracle, and I will be running the query from an excel sheet. (And by the way these do not support WITH, which makes life much harder)
I have a range of dates in one big table - like 1/3/2011, 4/5/2012, 7/1/2013, 9/1/2013.....
Then I have another table with hours worked by employees on certain dates. So what I need to do is get a sum of number of hours worked by each employee in each intervening time period. So the tables are like
Dates
1-May-2011
5-Aug-2011
4-Apr-2012
....
and another
Employee Hours Date
Sam 4 1-Jan-2011
Sam 7 5-Jan-2011
Mary 12 7-Jan-2012
Mary 5 12-Dec-2013
......
so the result should be
Employee Hours In Date Range Till
Sam 11 1-May-2011
Sam 0 5-Aug-2011
Sam 0 4-Apr-2012
Mary 0 1-May-2011
Mary 0 5-Aug-2011
Mary 12 4-Apr-2012
....
Any pointers on how to achieve this please?
I'm unfamiliar with Oracle SQL and it's abilities/limitations, but since you asked for pointers, here's my take:
Join the tables (INNER JOIN) with the join rule being EmployeeHours.Date < Dates.Dates. Then GROUP BY Employee, Dates.Dates and select the grouping columns + SUM(Hours). What you'd end up with (Using your sample data) is:
Employee | Dates | Hours
Sam | 1-May-2011 | 11
Sam | 5-Aug-2011 | 11
Sam | 4-Apr-2012 | 11
Mary | 1-May-2011 | 0
Mary | 5-Aug-2011 | 0
Mary | 4-Apr-2012 | 12
With other (more complex) data, there will be more "interesting" results, but basically each row contains total hours up to that point.
You could then use that as an input to an outer query to find MAX(Hours) for all rows where Dates < currentDates and subtract that from your result.
Again, this is not a complete answer, but it's a direction that should work.
I have this table
User | File | SubmittedDate
Joe 1223.txt 2011-11-12
Joe 3321.txt 2011-11-13
Jack 4332.txt 2012-11-22
Jane 2344.txt 2012-11-10
I want to select so I only get one record of Joe's, one of Jack's, and one of Jane's.
e.g.
Joe 1223.txt 2011-11-12
Jack 4332.txt 2012-11-22
Jane 2344.txt 2012-11-10
In other words, I want a result set of rows that has a unique user field. What's the SQL to get this?
A very quick Google search would show you there are several possible options:
https://www.google.com/search?client=safari&rls=en&q=select+unique+values+from+sql&ie=UTF-8&oe=UTF-8
One of which is to use the DISTINCT keyword:
SELECT DISTINCT User FROM ....