group keys having wildcard char like usermetadata_...

neha19oct97 · ‎01-10-2021

Hi All,

I have a requirement to group keys (key - value pair) having wildcard char like - usermetadata_* by other unique field value.

Here is the query i am using to get all the keys as column:

index=<index_name> sourcetype=<source_type> splunk_server_group=default |  stats dc(usermetadata_*) as * | transpose | rename column as usermetadata | table usermetadata

I want the output like this :

id usermetadata_keys

xyz usermetadata_type

usermetadata_eventName

usermetadata_date

pqr usermetadata_eventType

usermetadata_date

General_Talos · ‎01-10-2021

Can you share more details.

group keys having wildcard char like usermetadata_* by other unique field like id

stats

table

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation