Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Grouping of value

kelz
Explorer
‎09-09-2021 06:52 PM

Hello guys,

I need help building the query for this value to group it like the output I have given below.

Current:
apple1
apple-orange
apple-yellow
banna123
banna-red
banna-orange

Output:

apple*
banna*

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-10-2021 01:56 AM 
| makeresults
| eval _raw="apple1
apple-orange
apple-yellow
banna123
banna-red
banna-orange"
| multikv noheader=t
| table Column_1
| rename Column_1 as _raw


| rex "(?<fruit>[a-zA-Z]+)"

The rex puts the fruit into a field which you can then group by as you need

View solution in original post

Reply
Solved! Jump to solution

kelz
Explorer
‎09-19-2021 11:39 PM

Thank you @ITWhisperer 

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-10-2021 01:56 AM 
| makeresults
| eval _raw="apple1
apple-orange
apple-yellow
banna123
banna-red
banna-orange"
| multikv noheader=t
| table Column_1
| rename Column_1 as _raw


| rex "(?<fruit>[a-zA-Z]+)"

The rex puts the fruit into a field which you can then group by as you need

Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...