I have a query that returns several entries with timestamp and an operation_Id. Entry 2 and 3 have the same operation_Id but different timestamps. How can I remove the duplicate operation_Id, the first shall be used - and I still want to display the timestamp.
| timestamp | operation_Id | name |
|---|---|---|
| 2022-10-28T06:13:05.789Z | 12d83416-0c94-4c98-9523-603b7e634a14 | iOS |
| 2022-10-28T03:50:44.249Z | 642bb5d7-69e5-437a-b086-d89eec93438b | iOS |
| 2022-10-28T03:50:42.662Z | 642bb5d7-69e5-437a-b086-d89eec93438b | iOS |
I know I can use "distinct".
| distinct operation_Id, OS;
| operation_Id | name |
|---|---|
| 12d83416-0c94-4c98-9523-603b7e634a14 | iOS |
| 642bb5d7-69e5-437a-b086-d89eec93438b | iOS |
| 642bb5d7-69e5-437a-b086-d89eec93438b | iOS |
But how do I add now the timestamp?
I cannot do something like this, because then I am back to my first problem :-)
| distinct timestamp, operation_Id, OS;
I also tried with "summarize" but it summarized all operation_Id, even the operation_Id was different
datatable(timestamp:datetime, operation_Id:string, name:string)
[
datetime(2022-10-28T06:13:05.789Z) ,"12d83416-0c94-4c98-9523-603b7e634a14" ,"iOS"
,datetime(2022-10-28T03:50:44.249Z) ,"642bb5d7-69e5-437a-b086-d89eec93438b" ,"iOS"
,datetime(2022-10-28T03:50:42.662Z) ,"642bb5d7-69e5-437a-b086-d89eec93438b" ,"iOS"
]
| summarize arg_min(timestamp, *) by operation_Id
| operation_Id | timestamp | name |
|---|---|---|
| 642bb5d7-69e5-437a-b086-d89eec93438b | 2022-10-28T03:50:42.662Z | iOS |
| 12d83416-0c94-4c98-9523-603b7e634a14 | 2022-10-28T06:13:05.789Z | iOS |