group keys having wildcard char like usermetadata_...

neha19oct97 · ‎01-10-2021

Hi All,

I have a requirement to group keys (key - value pair) having wildcard char like - usermetadata_* by other unique field value.

Here is the query i am using to get all the keys as column:

index=<index_name> sourcetype=<source_type> splunk_server_group=default |  stats dc(usermetadata_*) as * | transpose | rename column as usermetadata | table usermetadata

I want the output like this :

id usermetadata_keys

xyz usermetadata_type

usermetadata_eventName

usermetadata_date

pqr usermetadata_eventType

usermetadata_date

General_Talos · ‎01-10-2021

Can you share more details.

group keys having wildcard char like usermetadata_* by other unique field like id

stats

table

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?