Skip to content

unroll pipe, prior to stats pipe throws an error #697

Closed
Closed
unroll pipe, prior to stats pipe throws an error#697
Assignees
valyala
Labels
bugSomething isn't working
@dr4gon123

Description

@dr4gon123
dr4gon123
opened on Sep 21, 2025

Describe the bug

unroll pipe, prior to stats pipe throws an error

_stream:{"fedr.Message Type" in (${type:doublequote})}
| fedr.Classification:(${classification:doublequote}) AND fedr.Action:(${action:doublequote}) AND fedr.Severity:(${severity:doublequote}) AND $Logsql
| unroll rule.name
| stats by (rule.name,fedr.Severity) count() results 
| sort by (results) desc 
| limit 10

error: the pipe `| "unroll by (rule.name)"` cannot be put in front of `| "stats by (rule.name, fedr.Severity) count(*) as results"`, since it modifies or deletes `_time` field
(Trace ID: e4b36d42ebd8905631723e09e9481577)

rule.name is an array of values [value1,value2,...]

This type of query had been working on previous versions, 1.2X...

To Reproduce

run unroll prior stats pipe

Version

v.1.33.1

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions