count by wildcard in field value

Toby_r · ‎11-26-2020

Hi,

I've following issue: Ive a dataset containing data like
Order number = 12345
Description = "AB: jdkjsd"
planned_date="12.3.2020"

Order number = 12346
Description = "BC: jdkjsd"
planned_date="12.3.2020"

Order number = 12347
Description = "BA: jdkjsd"
planned_date="12.3.2020"

now I'd like to have a table which counts me the number of events for "BC:*", "AB:*" OR "BA:*",... and so on - I'm quite new and google didnt helped me, can someone help? Thanks!

ITWhisperer · ‎11-26-2020

| rex field=Description "(?<prefix>\w+)\:"
| stats count by prefix

count by wildcard in field value

count

eval

stats

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Are you a member of the Splunk Community?

count by wildcard in field value

count

eval

stats

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25