Splunk Search
Highlighted

Using Tags to group results

Contributor

I know that I can use tags to define a search, but can I also use them to group results? In my situation, I want to search my servers, and have them grouped by the type of servers I have. So...

I have created a tag called "Linux" and Another Tag called "Windows", then have created field value pairs to tag the servers. It it possible to then query them and get a count?

I've tried the following, but doesn't return any results.

Search tag=Linux or tag=Windows | stats count(host) by tag::host

I'm on 4.2.1

Tags (2)
0 Karma
Highlighted

Re: Using Tags to group results

Contributor

So.. Found out that this is NOT possible... However, one way to do this is to create a lookup list, and then group by the fields in the lookup list..

0 Karma