Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I extract part of a URI and group them and create a table.

raviteja029
Explorer
‎07-27-2017 03:40 PM

I have a statistic to get where I am getting multiple lines but unable to group them into one and display the result like.

Getting -
URI | error . | count . |
/offer/transaction/ . | 200 | 5 . |
/offer/transaction/298759829 . 300 1
/offer/transaction/5683435 300 1
/offer/transaction/0578285 . 200 1
/offer/clear-up-in/9646789 . 200 1
/offer/transaction/87589889. 200 1

Need -
URI error count
/offer/transaction/ . 200 6
/offer/transaction/ 300 2
/offer/transaction/ 500 1
/offer/clear-up-in/ . 200 . 2

0 Karma
Reply

sbbadri
Motivator
‎07-27-2017 10:20 PM

your search | rex field=URI "(?P&ltnew_uri>/\S+/\S+/)\S+" | stats sum(count) by new_uri error

0 Karma
Reply
Get Updates on the Splunk Community!

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...