Try this:
data record(content = "This is test logs ~AB:4~CD:3~CD:6~EF:5~AB:3") | fieldsAdd parts = splitString(content, "~") | expand parts | filter contains(parts, ":") | parse parts, "LD:key ':' LONG:value" | summarize AB = arrayRemoveNulls(collectArray(if(key == "AB", value, else: NULL))), CD = arrayRemoveNulls(collectArray(if(key == "CD", value, else: NULL))), EF = arrayRemoveNulls(collectArray(if(key == "EF", value, else: NULL))), by: { content } | fieldsAdd `arraymax(AB)` = arrayMax(AB), `arraymin(AB)` = arrayMin(AB), `arraymax(CD)` = arrayMax(CD), `arraymin(CD)` = arrayMin(CD)
you should revice this:
Featured Posts
