Refine your search:

Group CSV data results by two or more matching values?

0

I'm indexing a CSV that appears like the following in its raw form:

Filenum,string
1,abc
2,defg
2,abc
3,xyz
3,abc
1,xyz
7,uiop
7,abc
4,defg
5,qazwsx
6,qazwsx
1,uiop
4,abc

etc..

In Splunk both "Filenum" and "String" are correctly being extracted as field names.

I'd like to spit out a table that automatically groups Filenums with two or more matching Strings.

For example, Filenum 1 & 3 can be grouped together since they both have Strings abc & xyz.

Sample desired output:

Filenum     1, 3     abc, xyz
Filenum     1, 7     abc, uiop
Filenum     2, 4     abc, defg

Any ideas?

Thanks!

asked 11 Apr '12, 13:03

jtsplunk's gravatar image

jtsplunk
37611
accept rate: 0%

edited 11 Apr '12, 13:05

Be the first one to answer this question!
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×38

Asked: 11 Apr '12, 13:03

Seen: 363 times

Last updated: 11 Apr '12, 13:05

Related questions

Group results based upon matching values from multiple fields?

Group full auditd (rlog) EXECVE commands by User?

Group results by range values

Why two charts show different results?

transaction group by two IDs

group ip by count

Group by oldest Date

Use another time field to group information by time

Splunk Search group by parameter

Copyright © 2005-2012 Splunk Inc. All rights reserved.