I am working on a query to allow me to see what connection properties a client software is using to connect.
The Log is in an XML format and I already have the parser working. now that i have records parsed i am trying to build a query that will take/join/merge fields of multiple records into a single record by session. (1 session >= 5 records). I am not a query guru so i have been stuck with how to approach this.
As you can see below there is not a single Record that contains ALL of the fields i am hoping to capture, but the group (sessionid) does.
After applying the parser and transactionizing on sessionID my results look like this.
The intended output would look like this.
I am not sure how best to structure the query (use join or subquery?) to get my intended output. Any input would be greatly appreciated.
Note: The screenshots are obviously not from sumologic, i used excel to convey the desired structure visually.
Please sign in to leave a comment.