I've been trying to do the following for hours and seems like I need some assistance. We have a bunch of software versions in Splunk that we'd like to group by parent->child versioning. For example, I'd like my data to be grouped as shown below. If the value on the left side of the period matches, then they would be grouped together, regardless of the value on the left side of the . . Any grouped results that don't have at least 1 parent/child event would be ignored from the results.
Valid Results - how I'd like the data to be organized/grouped