Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Group records by two fields

varun99
Path Finder
‎03-06-2018 05:36 PM

Hi,

I have the data like below:

TransactionID1 TransactionID2
aaaaaaaaaaaa aaaaaaaaaaaa
aaaaaaaaaaaa bbbbbbbbbbb
bbbbbbbbbbb
ccccccccccccc ccccccccccccc
ccccccccccccc ccccccccccccc
ccccccccccccc

I need to group some records based on the above two fields in a way that the first three records come together and last three come together based on the fact that any of the TransactionID1 or TransactionID2 are same. It is a bit easy to group the last three. However, I am finding it difficult to group the 1st three. Kindly help.

0 Karma
Reply

DalJeanis
Legend
‎03-07-2018 01:47 PM

We need to see a little bit more of the actual search or the actual data to understand what you are having problems with.

0 Karma
Reply

hortonew
Builder
‎03-10-2018 10:11 AM

Also, what would your desired output look like? I imagine you're trying to group events together if either trans1 or trans2 match the previous one, but break into a new group should neither match.

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...