group keys having wildcard char like usermetadata_...

neha19oct97 · ‎01-10-2021

Hi All,

I have a requirement to group keys (key - value pair) having wildcard char like - usermetadata_* by other unique field value.

Here is the query i am using to get all the keys as column:

index=<index_name> sourcetype=<source_type> splunk_server_group=default |  stats dc(usermetadata_*) as * | transpose | rename column as usermetadata | table usermetadata

I want the output like this :

id usermetadata_keys

xyz usermetadata_type

usermetadata_eventName

usermetadata_date

pqr usermetadata_eventType

usermetadata_date

General_Talos · ‎01-10-2021

Can you share more details.

group keys having wildcard char like usermetadata_* by other unique field like id

stats

table

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!