Solved: Re: how to match partial string in search query

sravankaripe · ‎05-15-2017

Hi

I have a errors in the field (say myfield)

Error xyz : 123
Error xyz : 456
Error xyz : 789
Error xyz : 135
Error xyz : 987

i want to group it by matching the partial values of a string like
| eval myfield=if(myfield=="Error xyz*","Error xyz",myfield)

So myfields should contain values

"Error xyz" and other errors
(i am tring to group myfield values which starts with "Error xyz" )
how can i do this

SplunkersRock · ‎05-15-2017

try this

| eval temp= mvfilter(match(myfield,"Error xyz")) | eval myfield=if(myfield==temp,"Error xyz",myfield)

if it won't work, please provide me more info

SplunkersRock · ‎05-15-2017

try this

| eval temp= mvfilter(match(myfield,"Error xyz")) | eval myfield=if(myfield==temp,"Error xyz",myfield)

if it won't work, please provide me more info

how to match partial string in search query