Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Grouping events

DTERM
Contributor
‎08-15-2011 03:10 PM

How do I develop a query that groups events by product names? I don't know what the product names are. But I need a query that will extract that data and group it.

I've tried using kmeans and transaction but I was not able to get the desired results. Thanks.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mzorzi
Splunk Employee
Splunk Employee
‎08-16-2011 04:52 PM

index=* | stats count by productNames | sort -count

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mzorzi
Splunk Employee
Splunk Employee
‎08-16-2011 04:52 PM

index=* | stats count by productNames | sort -count

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎08-16-2011 07:31 AM

How do you mean "sort by"? Do you want to join disparate events into one event based on the productName? Or do you want to create statistics based on productName? It's much easier to answer if you can provide us with a clear and concise description of a specific goal you want to achieve, preferrably also with sample log events.

0 Karma
Reply
Solved! Jump to solution

DTERM
Contributor
‎08-16-2011 07:18 AM

For example, let's say I have products like sendmail, named, and httpd in my logs. These are under a field called productName. I want to be able to create a query that sorts by these productNames. Preferably without using the productNames in the query (but I will if I have to).

0 Karma
Reply
Solved! Jump to solution

Brian_Osburn
Builder
‎08-15-2011 03:16 PM

Can you give us an example of the data / events you are trying to group?

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...