I am trying to perform a search and using regx and parameter can summarize the result based on two fields which are filing-type and application ( see in bold below). The raw data looks as listed below :
1639] - Filing # 43221772, was routed from FILING-PROCESSOR to [queue/CONVERTER] with key {IRS-941-PAYMENT, IRS, QUICKBOOKS-DIY, Y:2012 W:5, RECEIVED}
1539] - Filing # 43221752, was routed from FILING-PROCESSOR to [queue/CONVERTER] with key {SSA-W3-FILING, IRS, QUICKBOOKS-DIY, Y:2011 M:1, RECEIVED}
1539] - Filing # 43221752, was routed from FILING-PROCESSOR to [queue/CONVERTER] with key {SSA-W21-FILING, IRS, QUICKBOOKS-DIY, Y:2011 M:1, RECEIVED}
I like the search result will be summarized as below
Filing-type Application Count
IRS-941-Payment QUICKBOOKS-DIY 1
SSA-W3-FILING QUICKBOOKS-DIY 1
I attempted the following search by I encounterd an error that the regex doesn't extract anything.
index=pr received Filing # was routed from FILING-PROCESSOR | rex "\{?P<FILING_TYPE>, ?P<Agency>, ?P<App>, ?P<year>, RECEIVED\}"
... View more