cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
R0ss
Engager
Member since: ‎06-19-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎06-19-2017
Activity Feed
Topics I've Started
View All

Re: Grouping by a substring

by in Splunk Search
‎06-19-2017 05:50 AM
‎06-19-2017 05:50 AM
Perfect, thank you! ... View more

Grouping by a substring

by in Splunk Search
‎06-19-2017 02:04 AM
‎06-19-2017 02:04 AM
Hello, I'm having trouble grouping errors in our Splunk logs. The date and time is appended to the error messages, meaning that every message is unique. For example: Message=2017-06-19 09:15:23,825 ERROR - Here is the error message that we would like to group on... I would like to ignore the date/time string and group on the text that appears after this. The best I have come up with is as follows: Type=Error | eval ErrorString=substr(Message,30,len(Message)) | stats count by ErrorString But this search still seems to evaluate as if the date is present in the new ErrorString string (the count is always 1 and ErrorString's are duplicated across rows) Could you help me to write a query that would group the error messages and ignore the date/time. Thanks, Ross ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All