Splunk Search

Using Tags to group results

richnavis
Contributor

I know that I can use tags to define a search, but can I also use them to group results? In my situation, I want to search my servers, and have them grouped by the type of servers I have. So...

I have created a tag called "Linux" and Another Tag called "Windows", then have created field value pairs to tag the servers. It it possible to then query them and get a count?

I've tried the following, but doesn't return any results.

Search tag=Linux or tag=Windows | stats count(host) by tag::host

I'm on 4.2.1

Tags (2)
0 Karma

richnavis
Contributor

So.. Found out that this is NOT possible... However, one way to do this is to create a lookup list, and then group by the fields in the lookup list..

0 Karma
Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...