×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
bb10
Engager
Member since: ‎04-07-2022
‎04-07-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎04-07-2022
View All

Re: Grouping multiple results from a search in to ...

by in Splunk Search
‎04-07-2022 12:59 PM
‎04-07-2022 12:59 PM
Thank you this works ... View more

Grouping multiple results from a search in to the ...

by in Splunk Search
‎04-07-2022 12:24 PM
‎04-07-2022 12:24 PM
I'm trying to make a visualization showing our number of signatures, but the data is not very organized because I have 20+ results with variations of the name generic, like for example: Generic.TC.ldrvmp 1 Generic.TC.ligldq 1 Generic.TC.ljhook 1 Generic.TC.lmzdbq 1 Generic.TC.lnionm 1 Generic.TC.lniqpu 1 Generic.TC.lxboaq 1 Generic.TC.mpneia 1 Generic.TC.mpngod I want to group all these results under the name "generic", but it seems like if I try to use wild cards in the below search it gives me an error. I could do write out each signature individually in the |eval command but that seems very inefficient. I was wondering if it was possible for me to group the results in to the same name? | eval signature=case(signature="Generic.*", "generic")  |stats count by signature | sort -count ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-07-2022 04:57 PM
Karma given to
View All