Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Count by start of string

kooojo
Engager
‎07-28-2021 07:42 AM

I have an query that

index ="main" |stats count by Text |sort -count | table count Text

results:

countText
10dog fish
20   dog cat

        

 

How can I change the compare that compare first X chars into Text , for example first 4 chars , so "dog fish" and "dog cat" will be 1 line?

 

countText
30dog .....

 

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-28-2021 07:48 AM 
index ="main" |eval Text=substr(Text,1,4)|stats count by Text |sort -count | table count Text

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-28-2021 07:48 AM 
index ="main" |eval Text=substr(Text,1,4)|stats count by Text |sort -count | table count Text
0 Karma
Reply
Solved! Jump to solution

kooojo
Engager
‎07-28-2021 07:55 AM

And how can I add "..." as a suffix ?

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎07-28-2021 08:06 AM

update Text eval

|eval Text=substr(Text,1,4)."...."

 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...