Hi,
I am attempting to create a search where I can search for a string and its ending variations and give a count for how many times each has occured.
Example
LH:1, bla bla
LH:12, yo yo
LH:1, wow wow
So in the search i should be able to search just "*LH:*"
and it should return
`Search Count
LH:1 2
LH:12 1`
How should i do that? I have tried using the search command and stats but Im clueless right now.
Thanks for the help
That's not quite how this works. You can try this tho:
your_search "*LH:" | rex field=_raw "LH:(?<lh_number>\d+)" | stats count by lh_number
This will regex your LH and pull out the number, and then count by that number.
That's not quite how this works. You can try this tho:
your_search "*LH:" | rex field=_raw "LH:(?<lh_number>\d+)" | stats count by lh_number
This will regex your LH and pull out the number, and then count by that number.