I have log events such as activity:http://xyz/rest/876
http://xyz/rest/223
http://xyz/rest/263
http://xyz/rest/4534
http://abc/rest/1
When I do stats count by activity, I want to get results as:
http://xyz/rest 4
http://abc/rest 1
How can it be best done?
Try this:
| rex "(?<activity>http:\/\/[^\/]*\/rest)"
| stats count as mycount by activity