Thanks a lot!
I managed to get (almost) the result I wanted thanks to you both.
I used this :
parse-json
| scope "0.schema.meta.custom.data.monitors"
| extend "create_datetime"=unixtime_seconds_todatetime("create_datetime")
| mv-expand "log"="logs"
| extend "log_date"=unixtime_seconds_todatetime("log.datetime"), "log_type"="log.type"
# | project-away "keyword_case_type", "lastLogTypeBeforeStartDate"
| project "friendly_name", "log_date", "log_type"
# | summarize min("log_date") by "log_type"
and a “prepare time series” tranformation with format : multi-frame time series.
I still have to rename the series but I will figure that part out.
My real remaining problem is that I used inline source with the json I provided you.
And I did that because when I switch to UQL type query, the query doesn’t seem to take my arguments into account properly.
Here is what I mean :
with json type query, the arguments are applied, i get monitors with ohana in the name, and the logs
but when I switch to UQL type query, I can’t get it to take the arguments into account
I have tried putting in my arguments as query params tab or as body of the request, nothing seems to work.
Any ideas as to how to solve this?
Thanks a lot for all your help!