I have a search query that goes like this:
sourcetype="inv" Inv name=* | table name, intf, model, serialnum, mfgname | dedup switchname intf | stats count by ....
I want to do, stats counts by name in this case. If I search by intf=*, then I want to do, stat count by intf and so on.
I tried something like this,
sourcetype="inv" Inv name=* | table name, intf, model, serialnum, mfgname | dedup switchname intf | eval n=rtrim("name=","=") | stats count by n
But, that didn't work. I see why. But, how do I achieve that?
... View more