We use Splunk as our A/B platform. Our test buckets are called "studies", and within each study we have "groups", which are the different A/B tests.
Anytime we want to query a study to compare results across all the groups within the study, we have to create a query like the following:
msg=singlemessage reply=1 plat=2 OR plat=0 | extract kvdelim="=" limit=200 pairdelim="," | makemv delim="," studies | chart count by studies,isp | rex field=studies "(?.)---(?.)" | where study="lab"
The bolded text above is what is required to break out a study by its groups. Is there any way to turn this into a macro, with the caveat that within where study="lab" where "lab" and "chart count by studies,is_p" can be changed to anything (because we have multiple studies)?