How can I extract part of a URI and group them and... - Splunk Community

Splunk Search

I have a statistic to get where I am getting multiple lines but unable to group them into one and display the result like.

Getting -
URI | error . | count . |
/offer/transaction/ . | 200 | 5 . |
/offer/transaction/298759829 . 300 1
/offer/transaction/5683435 300 1
/offer/transaction/0578285 . 200 1
/offer/clear-up-in/9646789 . 200 1
/offer/transaction/87589889. 200 1

Need -
URI error count
/offer/transaction/ . 200 6
/offer/transaction/ 300 2
/offer/transaction/ 500 1
/offer/clear-up-in/ . 200 . 2

your search | rex field=URI "(?P&ltnew_uri>/\S+/\S+/)\S+" | stats sum(count) by new_uri error

Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...