I'm indexing a CSV that appears like the following in its raw form:
Filenum,string
1,abc
2,defg
2,abc
3,xyz
3,abc
1,xyz
7,uiop
7,abc
4,defg
5,qazwsx
6,qazwsx
1,uiop
4,abc
etc..
In Splunk both "Filenum" and "String" are correctly being extracted as field names.
I'd like to spit out a table that automatically groups Filenums with two or more matching Strings.
For example, Filenum 1 & 3 can be grouped together since they both have Strings abc & xyz.
Sample desired output:
Filenum 1, 3 abc, xyz
Filenum 1, 7 abc, uiop
Filenum 2, 4 abc, defg
Any ideas?
Thanks!
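The grouping asked for above, worked through outside Splunk as an added Python example (not part of the original post): it builds an inverted index from each string to the Filenums containing it, then counts shared strings per Filenum pair, which is the same logic as a self-join on the string field. The function name `shared_string_pairs` and the `min_shared` parameter are assumptions made for this example; the sample rows are the ones shown in the post.

```python
import csv
import io
from collections import defaultdict
from itertools import combinations

# Sample rows copied from the post (the trailing "etc.." is omitted).
SAMPLE_CSV = """Filenum,string
1,abc
2,defg
2,abc
3,xyz
3,abc
1,xyz
7,uiop
7,abc
4,defg
5,qazwsx
6,qazwsx
1,uiop
4,abc
"""


def shared_string_pairs(csv_text, min_shared=2):
    """Return {(filenum_a, filenum_b): sorted shared strings} for every pair
    of Filenums with at least min_shared strings in common."""
    # Inverted index: string -> set of Filenums that contain it.
    files_by_string = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        files_by_string[row["string"].strip()].add(int(row["Filenum"]))

    # Only Filenums that co-occur under some string are ever paired,
    # so files with nothing in common are never compared.
    shared = defaultdict(set)
    for string, files in files_by_string.items():
        for pair in combinations(sorted(files), 2):
            shared[pair].add(string)

    return {pair: sorted(strings)
            for pair, strings in sorted(shared.items())
            if len(strings) >= min_shared}


if __name__ == "__main__":
    for (a, b), strings in shared_string_pairs(SAMPLE_CSV).items():
        print(f"Filenum {a}, {b}  {', '.join(strings)}")
```

On the sample rows this yields exactly the three pairs listed under the desired output, which makes it usable as a reference result when checking a search that performs the same grouping.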