Archive

How do I group similar values together?

Path Finder
source=*prod*
 | dedup SRV JAVAVER
 | stats count(SRV) by JAVAVER

This would generate report with all of the Java Versions.

I visualized using PieChart but I am only interested in seeing the chart with JAVAVER grouped as Java 18, Java 17 & Java19 instead of Java1801, Java1802, and so on.

Bascially, I want to group something like this only for the Pie Chart if possible:

JAVAVER=Java19* -> Java19
 JAVAVER=Java18* -> Java18
 JAVAVER=Java17* -> Java17
Tags (1)
0 Karma
1 Solution

Communicator

You can use the substring function before your stats statement.
| eval JAVAVER=substr(JAVAVER,0,6)

View solution in original post

Communicator

You can use the substring function before your stats statement.
| eval JAVAVER=substr(JAVAVER,0,6)

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!