I have the below query I've written - I am used to SQL, SPL is still new to me. I feel like there has to be some way to make this shorter/more efficient - i.e:

Data:

API_RESOURCE="/v63.0/gobbledygook/unrequitededits_somename_request"
API_RESOURCE="/v62.0/gobbledygook/unrequitededits_somename_response"
API_RESOURCE="/v61.0/gobbledygook/unrequitededits_somename_update"
API_RESOURCE="/v63.0/gobbledygook/unrequitededits_somename_delete"
API_RESOURCE="/v61.0/gobbledygook/unrequitededits_somename_delete"
API_RESOURCE="/v62.0/gobbledygook/unrequitededits_somename_update"
API_RESOURCE="/v61.0/gobbledygook/URI_PATH_batch_updates"

Original query:

index="some_index" API_RESOURCE!=""
| eval API_RESOURCE=case(
    LIKE(API_RESOURCE,"%63%"),"/v63",
    LIKE(API_RESOURCE,"%62%"),"/v62",
    LIKE(API_RESOURCE,"%61%"),"/v61",
    1==1, API_RESOURCE)
| stats count by API_RESOURCE

Desired query:

index="some_index" API_RESOURCE!=""
| eval API_RESOURCE=case(LIKE(API_RESOURCE,"%6\d%"),"/v6\d",1==1, API_RESOURCE)
| stats count by API_RESOURCE

Where the outcome would be the three versions being counted as grouped within their own version (so, v/63 = 2, v/62 = 2, v/61 = 2).

Every time I run the 'desired query' it completely ignores the wildcard/variable in both the search and replace part of the case statement.

Any help would be appreciated, as there are at least 64 current versions, and every time a new one is developed it gets the next highest version number.

Thanks in advance!
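The grouping asked about above, as an added example that is not part of the original post: SPL's like() accepts only the % and _ wildcards, not regular-expression classes such as \d, so this version extracts the version number with rex and rebuilds the label from it. The makeresults, split and mvexpand lines rebuild the post's sample values as constructed input so the search runs without the index, and the field name api_version is an assumption.

```spl
| makeresults
| eval API_RESOURCE=split("/v63.0/gobbledygook/unrequitededits_somename_request,/v62.0/gobbledygook/unrequitededits_somename_response,/v61.0/gobbledygook/unrequitededits_somename_update,/v63.0/gobbledygook/unrequitededits_somename_delete,/v61.0/gobbledygook/unrequitededits_somename_delete,/v62.0/gobbledygook/unrequitededits_somename_update,/v61.0/gobbledygook/URI_PATH_batch_updates", ",")
| mvexpand API_RESOURCE
| rex field=API_RESOURCE "^/v(?<api_version>\d+)\."
| eval API_RESOURCE=if(isnotnull(api_version), "/v".api_version, API_RESOURCE)
| stats count by API_RESOURCE
```

Against real data, replace the first three lines with index="some_index" API_RESOURCE!="". Values that do not start with /v, digits and a dot keep their original API_RESOURCE, matching the 1==1 fallback in the original case().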