Abstract
Learn more about the Cortex Query Language rank()
numbering function that is used with a windowcomp
stage.
Syntax
windowcomp rank() [by <field> [,<field>,...]] sort [asc|desc] <field1> [, [asc|desc] <field2>,...] [as <alias>]
Description
The rank()
function is a numbering function that is used in combination with a windowcomp stage. This function is used to return a single value for the ordinal (1-based) rank for each row in the group of rows using a combination of the by
clause and sort
(mandatory).
Example
Return an average ranking for the avgerage CPU usage on metric_type=HOST
. Allows you to see changes in the CPU usage compared to all hosts in the environment. The query returns a maximum of 100 it_metrics
records. The results are ordered by ft
in decending order in the rank
column.
dataset = it_metrics | filter metric_type = HOST | alter cpu_avg_str = to_string(cpu_avg) | alter ft = date_floor(_time, "w") | alter dt = date_floor(_time, "d") | limit 100 | windowcomp rank() by ft sort desc cpu_avg_str as rank | filter (agent_hostname contains $host_name) | comp avg(rank) by dt