Splunk Search

Splunk search to group by the field values

soujanya
New Member

Hi,

I need to assign the values of a field to a new field and group with the new field.

For example:

Field-1  Field2
AppA     xxxx
AppA     yyyy
AppA     zzzz
AppB     xxxx
AppB     yyyy

I want to be able to have a stats count with a new field or value for everything that is there with a combination of Field1 and Field2, i.e., in the above result the new search field 3 should maybe return 3 and 2 for each app.

I was told this might be achievable through lookup definitions and tables, but I am new to it.

Any help will be great. 

0 Karma

ITWhisperer
SplunkTrust
| stats dc(field2) as field3 by field1
0 Karma
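
An added example, not part of the original answer: a self-contained search that rebuilds the question's sample rows with `makeresults` and runs the suggested `dc()` grouping next to a plain `count`. The field `constructed_sample` and its contents are constructed for illustration, including one repeated AppB/yyyy row so that `count` and `dc(Field2)` differ; `events` and `Field2_values` are names chosen here. Splunk field names are case-sensitive, so the search uses `Field1` and `Field2` as written in the question.

```spl
| makeresults
| eval constructed_sample="AppA,xxxx AppA,yyyy AppA,zzzz AppB,xxxx AppB,yyyy AppB,yyyy"
| makemv delim=" " constructed_sample
| mvexpand constructed_sample
| rex field=constructed_sample "^(?<Field1>[^,]+),(?<Field2>.+)$"
| stats count AS events, dc(Field2) AS Field3, values(Field2) AS Field2_values BY Field1
```

`count` counts every event in the group, while `dc(Field2)` counts each distinct Field2 value once per Field1, which is what the question asks for when the same combination can appear more than once.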