I have a query that tells me the count of unique devices running a particular software version (major.minor.release.build format--x.x.x.x). I'd like to group on the "release" or 3rd digit in the group. So if I have the following versions:
1.1.2.45
1.1.2.47
1.1.2.36
1.1.3.45
I'd like to to really just see this in the output:
1.1.2
1.1.3
Right now my query looks something like this:
index=stats_sess | stats dc(device.uuid) as count by software.version | sort 10 count d | table software.version, count
Try this
index=stats_sess | eval software.version=replace('software.version',"(.*)\.(\d+)$","\1")| stats dc(device.uuid) as count by software.version | sort 10 count d | table software.version, count
Try this
index=stats_sess | eval software.version=replace('software.version',"(.*)\.(\d+)$","\1")| stats dc(device.uuid) as count by software.version | sort 10 count d | table software.version, count
Thank you! This is exactly what I needed.