Solved: grouping similar field values

atreece · ‎07-03-2012

I have a set of events that are generated with locations in the form of xloc and yloc. (z, or height, is irrelevant) I am trying to find events that happen in the same place, but I want to group any events that happen in the same area, say 5 meters. (+-5)
Is there a way to do this in splunk?

Ayn · ‎07-03-2012

You could probably use bucket for this. bucket puts continuous numerical values into discrete sets, so you could group together all xloc/yloc points within the same general area. Using this, if you'd want to get a count of the events within a certain range, you could do something like:

... | bucket xloc span=10 | bucket yloc span=10 | stats count by xloc,yloc

More information on the bucket command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Bucket

View solution in original post

Ayn · ‎07-03-2012

You could probably use bucket for this. bucket puts continuous numerical values into discrete sets, so you could group together all xloc/yloc points within the same general area. Using this, if you'd want to get a count of the events within a certain range, you could do something like:

... | bucket xloc span=10 | bucket yloc span=10 | stats count by xloc,yloc

More information on the bucket command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Bucket

grouping similar field values

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!