Splunk Search

How can I extract part of a URI and group them and create a table.

raviteja029
Explorer

I have a statistic to get where I am getting multiple lines but unable to group them into one and display the result like.

Getting -
URI | error . | count . |
/offer/transaction/ . | 200 | 5 . |
/offer/transaction/298759829 . 300 1
/offer/transaction/5683435 300 1
/offer/transaction/0578285 . 200 1
/offer/clear-up-in/9646789 . 200 1
/offer/transaction/87589889. 200 1

Need -
URI error count
/offer/transaction/ . 200 6
/offer/transaction/ 300 2
/offer/transaction/ 500 1
/offer/clear-up-in/ . 200 . 2

0 Karma

sbbadri
Motivator

your search | rex field=URI "(?P&ltnew_uri>/\S+/\S+/)\S+" | stats sum(count) by new_uri error

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...