group keys having wildcard char like usermetadata_* by other unique field like id

neha19oct97
Engager

Hi All,

I have a requirement to group keys (key-value pairs) having a wildcard char, like usermetadata_*, by another unique field value.

Here is the query I am using to get all the keys as a column:

index=<index_name> sourcetype=<source_type> splunk_server_group=default |  stats dc(usermetadata_*) as * | transpose | rename column as usermetadata | table usermetadata

I want the output like this:

id     usermetadata_keys
xyz    usermetadata_type
       usermetadata_eventName
       usermetadata_date
pqr    usermetadata_eventType
       usermetadata_date

0 Karma

General_Talos
Path Finder

Can you share more details?

0 Karma
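
One way to produce the per-id grouping requested in the question, as an added example that is not part of the original thread. It assumes every event carries an `id` field alongside its `usermetadata_*` fields; `present_keys` is a hypothetical scratch field name, chosen so that it does not itself match the `usermetadata_*` wildcard.

```spl
index=<index_name> sourcetype=<source_type> splunk_server_group=default
| fields id usermetadata_*
| foreach usermetadata_*
    [ eval present_keys=if(isnotnull('<<FIELD>>'), mvappend(present_keys, "<<FIELD>>"), present_keys) ]
| stats values(present_keys) as usermetadata_keys by id
```

`foreach` appends the name of each non-null `usermetadata_*` field to a multivalue field on every event, and `stats values(...) by id` then collapses those names into one de-duplicated list per `id`.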