Splunk Search
Highlighted

how to rank or group similar data together ?

New Member

Hi all,

I have a requirement as below, When there is a name field, I want it to be ranked similar names together

Name

John
John
John
Jack
Jack
Jack
James
James
James

Similar names should be grouped as

Name Rank

John 1
John 1
John 1
Jack 2
Jack 2
Jack 2
James 3
James 3
James 3

Could some one help pls

0 Karma
Highlighted

Re: how to rank or group similar data together ?

SplunkTrust
SplunkTrust

Check out the cluster command.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: how to rank or group similar data together ?

Esteemed Legend

Like this:

... | streamstats dc(Name) AS Rank
0 Karma