Include host name as a pivot point in Kestrel query

[Galal-sec]

Is your feature request related to a problem? Please describe.
I have a use case to get the sequence of commands execution from the same host within timestamp

Describe the solution you'd like
Correlate sequence commands on the same host

Describe alternatives you've considered
If we can do the same via Parent process ID

Additional context

[pcoccoli]

For implementing simple correlation in SQL (which we're trying to leverage as much as possible in kestrel 2), consider a simple table mydata:

# select * from mydata;
 name  |       email       
-------+-------------------
 alice | [email protected]
 bob   | [email protected]
 carol | [email protected]
(3 rows)

Finding rows that share the same email could be done by with grouping:

# select * from mydata where email in (select email from mydata group by email having count(*) > 1);
 name  |       email       
-------+-------------------
 alice | [email protected]
 carol | [email protected]
(2 rows)

Another possibility is joins:

# select L.* from mydata L join mydata R on L.email = R.email where L.name != R.name;
 name  |       email       
-------+-------------------
 alice | [email protected]
 carol | [email protected]
(2 rows)

In postgres, the grouping method is less expensive according to the EXPLAIN output.