How can I extract part of a URI and group them and... - Splunk Community

Splunk Search

I have a statistic to get where I am getting multiple lines but unable to group them into one and display the result like.

Getting -
URI | error . | count . |
/offer/transaction/ . | 200 | 5 . |
/offer/transaction/298759829 . 300 1
/offer/transaction/5683435 300 1
/offer/transaction/0578285 . 200 1
/offer/clear-up-in/9646789 . 200 1
/offer/transaction/87589889. 200 1

Need -
URI error count
/offer/transaction/ . 200 6
/offer/transaction/ 300 2
/offer/transaction/ 500 1
/offer/clear-up-in/ . 200 . 2

your search | rex field=URI "(?P&ltnew_uri>/\S+/\S+/)\S+" | stats sum(count) by new_uri error

Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...