I have a query that tells me the count of unique devices running a particular software version (major.minor.release.build format--x.x.x.x). I'd like to group on the "release" or 3rd digit in the group. So if I have the following versions:
1.1.2.45
1.1.2.47
1.1.2.36
1.1.3.45
I'd like to to really just see this in the output:
1.1.2
1.1.3
Right now my query looks something like this:
index=stats_sess | stats dc(device.uuid) as count by software.version | sort 10 count d | table software.version, count
... View more