Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Group records by two fields

varun99
Path Finder
‎03-06-2018 05:36 PM

Hi,

I have the data like below:

TransactionID1 TransactionID2
aaaaaaaaaaaa aaaaaaaaaaaa
aaaaaaaaaaaa bbbbbbbbbbb
bbbbbbbbbbb
ccccccccccccc ccccccccccccc
ccccccccccccc ccccccccccccc
ccccccccccccc

I need to group some records based on the above two fields in a way that the first three records come together and last three come together based on the fact that any of the TransactionID1 or TransactionID2 are same. It is a bit easy to group the last three. However, I am finding it difficult to group the 1st three. Kindly help.

0 Karma
Reply

DalJeanis
Legend
‎03-07-2018 01:47 PM

We need to see a little bit more of the actual search or the actual data to understand what you are having problems with.

0 Karma
Reply

hortonew
Builder
‎03-10-2018 10:11 AM

Also, what would your desired output look like? I imagine you're trying to group events together if either trans1 or trans2 match the previous one, but break into a new group should neither match.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...