Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Format Stats Column Data
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dreamwork801
Path Finder
07-03-2014
09:42 AM
So I'm running this search string here:
index = git | rename Data.payload.head_commit.modified{} as FilesModified | rex field=Data.payload.head_commit.message max_match=10 "(?<BugID>[bB]ug.+[^@\w\w\d{4}]\d{3,6})" |rex field=BugID max_match=10 "(?<BugIDs>\d{3,6})"|eval BugIDs = ltrim(BugIDs,"0") | stats values(BugIDs) by FilesModified | rename values(BugIDs) as BugIDs | eval BugCountPerFile = mvcount(BugIDs) | search BugIDs =* | sort by -BugCountPerFile | search "FilesModified" = "*$namespace$*" | search "FilesModified" = "*$file$*"
Basically it mines GIT to get information about bugs per file, and it works great except the format of the columns comes with each BugID on a different row like this:
FilesModified BugID's
source/file.cs 110
8889
556
8521
5485
8889
And the list can get pretty long if there are over 15 bug Id's for one file.
Is there a way to list them like 4 or 5 on a row instead of just one, and seperated by commas or spaces?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
07-03-2014
10:39 AM
Try this
index = git | rename Data.payload.head_commit.modified{} as FilesModified | rex field=Data.payload.head_commit.message max_match=10 "(?<BugID>[bB]ug.+[^@\w\w\d{4}]\d{3,6})" |rex field=BugID max_match=10 "(?<BugIDs>\d{3,6})"|eval BugIDs = ltrim(BugIDs,"0") | stats values(BugIDs) BugIDs by FilesModified delim="," | eval BugCountPerFile = mvcount(BugIDs) | nomv BugIDs | search BugIDs =* | sort by -BugCountPerFile | search "FilesModified" = "*$namespace$*" | search "FilesModified" = "*$file$*"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
07-03-2014
10:39 AM
Try this
index = git | rename Data.payload.head_commit.modified{} as FilesModified | rex field=Data.payload.head_commit.message max_match=10 "(?<BugID>[bB]ug.+[^@\w\w\d{4}]\d{3,6})" |rex field=BugID max_match=10 "(?<BugIDs>\d{3,6})"|eval BugIDs = ltrim(BugIDs,"0") | stats values(BugIDs) BugIDs by FilesModified delim="," | eval BugCountPerFile = mvcount(BugIDs) | nomv BugIDs | search BugIDs =* | sort by -BugCountPerFile | search "FilesModified" = "*$namespace$*" | search "FilesModified" = "*$file$*"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dreamwork801
Path Finder
07-03-2014
11:31 AM
That worked! Thank you!
Get Updates on the Splunk Community!
Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps
It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...
What’s New in Splunk Observability – September 2025
What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...
Fun with Regular Expression - multiples of nine
Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...
