Query :
search event_name=email OR event |where NOT LIKE(person_id,"%WF%")| stats dc(person_id)
Result :
618bd8ea-59dc-485f-a0a3-908adb804443
6618bb54-73fd-4d13-b2e2-72e18171a904
WF724ad888-cbd4-483f-91b3-01a95809ad7b
WF9e9f0ec6-899e-43a8-b1e3-ca158516b6f
I need to use this above result again in same query to get those records count which are not starting with "WF".
Please suggest .
Any help would be really appreciated.
Related
Halo,
first, i say thank you for helping me solve my problem before.
I'm really newbie using Postgresql.
now i have new problem,
i do select statement like this one :
select * from company where id=10;
when i see the query in pg_stat_statements, i just get the query like this :
select * from company where id=?;
from the result the value of id is missing,
how i can get the complete query without missing the value??
Thank you :)
Alternatively you could set log_min_duration to 0 which will lead Postgres to log every statement.
Pg_stat_statements is meant to be for stats and these are aggregated, if every lookup value would be in there the stats would be useless because it would be hard to group.
If you want to understand a query just run it with explain analyze and you will get the query plan.
Here is the how the datastamp is in my json.I need to query based on the time stamp.
Datastamp:2016-02-10T11:43:15----string type
I tried querying by using substr which didn't work.
db.General_Liability.aggregate({$project : {new_time_stamp : {$substr : ["$session.Datestamp",0, 10]}}});
Please let me know how i should query.
I suppose you need a query for one day. You can use $gt and $lt for this.
db.General_Liability.find({ "session._Datestamp":{"$gte":ISODate("2016-02-10T00:00:00"), "$lt":ISODate("2016-02-11T00:00:00")}})
I am working on a use case, such that I need to filter a query set , perform a function on the results and then perform the same function on the rest of the query set.
# Example (since everybody is having quizzes these days)
query_set = Quiz.objects.filter()
todays_quizzes = query_set.filter(created__startswith=today)
not_todays_quizzes = query_set.exclude(created__starswith=today)
perform_function(todays_quizzes)
perform_function(not_todays_quizzes)
What I would like to know is, is there a better way to get not_todays_quizzes rather than having to perform almost the same query again but with just the opposite condition. i.e can I get both results in one query. Is it even possible at sql level?
Thanks for reading!
I am new to Splunk, I want to implement below however stuck there:
I could get results as below format:
ORA-01033: ORACLE initialization or shutdown in progress
ORA-XXXXX: ....
What I want is to see the count value for each ORA error. Can anybody help me?
You probably want to create a field extraction. A regular expression for your field might look like this ^ORA-\d+. When you got the field you can simply group and count by it:
* | stats count by <your-new-field>
Is not possible to do this like q=*:* with DisMax ?
first thanks for you answers.
Actually i found the solution that fit my need and it's :
< str name="q.alt">*:*< /str>
now i can list all the results .
;)
It is not possible to get all results with dismax using the *:* query.
To get the count of documents with this query, you have to use the standard query handler. You can switch to it by adding qt=standard in your query. Note that 'standard' is the default name, so check in your solrconfig.xml if it is the name you are really using.