I am attempting to create a search where I can search for a string and its ending variations and give a count for how many times each has occured.
LH:1, bla bla
LH:12, yo yo
LH:1, wow wow
So in the search i should be able to search just "*LH:*" and it should return
How should i do that? I have tried using the search command and stats but Im clueless right now.
Thanks for the help
That's not quite how this works. You can try this tho:
your_search "*LH:" | rex field=_raw "LH:(?<lh_number>\d+)" | stats count by lh_number
This will regex your LH and pull out the number, and then count by that number.
View solution in original post