Hi All,

I have a requirement to group keys  (key - value pair) having wildcard char like - usermetadata_*  by other unique field value.

Here is the query i am using to get all the keys as column: 

index=<index_name> sourcetype=<source_type> splunk_server_group=default |  stats dc(usermetadata_*) as * | transpose | rename column as usermetadata | table usermetadata

I want the output like this :

id                         usermetadata_keys

xyz                    usermetadata_type

                            usermetadata_eventName

                            usermetadata_date

pqr                    usermetadata_eventType

                           usermetadata_date