cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ail321
Engager
Member since: ‎02-03-2022
‎02-04-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎02-03-2022
Activity Feed
View All

Re: How to group similar domain/URL patterns?

by in Splunk Search
‎02-04-2022 06:26 AM
‎02-04-2022 06:26 AM
this worked. What if I add to search something like this 170.51.31.0/22 ... View more

How to group similar domain/URL patterns?

by in Splunk Search
‎02-03-2022 12:23 PM
‎02-03-2022 12:23 PM
I would like to group URL fields and get a total count.  When  I do this:       index=example source=example_example dest="*.amazonaws.com" OR dest="*.amazoncognito.com" OR dest="slack.com" OR dest="*.docker.io" | dedup dest | table dest | stats count by dest       the output is this: dest count 352532535.abc.def.eu-xxxxx-1.amazonaws.com 1 abc.auth.xx-aaaa-1.amazoncognito.com 1 aaa1-stage-login-abcdef.auth.xx-abcd-1.amazoncognito.com 1 346345452.abc.def.us-abcd-2.amazonaws.com 1 autoscaling.xx-east-4.amazonaws.com 1 slack.com 1 registry-1.docker.io 1 auth.docker.io 1   I wanted to group them by similar patterns like this: gruopedURL count .amazonaws.com 3 .amazoncognito.com 2 slack.com 1 .docker.io 2   I've tried other possible queries based on some postings here, but no luck. It was mostly after the '.com' ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-04-2022 04:37 PM
Karma given to
View All