I first need to group values of the same field...
Group1 (values match A1, A2, A3,...)
Group2 (values match B1, B2, B3,...)
Group3 (values match C1, C2, C3,...)
...then, I need to display the counts for each group (Group1, Group2, Group3) month-over-month.
Thanks for any assistance!
...| eval group1=if(match(fieldName,"A.*"),1,0) | eval group2=if(match(fieldName,"B.*"),1,0) | eval group3=if(match(fieldName,"C.*"),1,0) | stats count by group* The A.*, B.*, & C.* should be regular expressions that match the value of FieldName to the desired/correct group number. The stats group* will do the count for each group. The "..." Is where you put your foot search.
FieldName should be the name of the field that contains the data
Let me know if that helps!
Thanks for your response @jkat54!
I tried running specifically the following...
... | eval group1=if(match(message_subject,"CyFin"),1,0) | stats count by group*
I'm getting the error below...
Error in 'eval' command: Regex: nothing to repeat
The search job has failed due to an error. You may be able to view the job in the Job Inspector.
I'm getting numbers for each of the following searches. I just want to put them together in one search and output each count....
Note that asterisks are in the front and back of each string within the quotes and no backslashes.
Thanks for your continued help!