I am unable to solve the below problem on "tutorialsdata.zip" provided in documentation as there is no field named as "purchase".
Client purchase details:
Hi @Gauresh96,
you can extract the field with a regex
https://www.learnsplunk.com/splunk-regex-tutorial.html
or you can use an extraction at search time with the rex comand
https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/Rex
Hello @aasabatini
Still not getting the result
I have attached the dataset url, can you please check.
Hi @Gauresh96
sorry for the late reply.
I analyzed the tutorial data and purchase is not a field but is a action field value, about your request I suggest to try this search:
sourcetype=access_combined_wcookie action=purchase | stats count by productId
sourcetype=access_combined_wcookie action=purchase | lookup prices productId | stats count(product_name) as products by productId