Running the following query gives me a result with different field values.
index="XXXX" host="POLO*" | stats count by URL | sort-count
URI | count
/pup/folks/xy/hollow/yellow/red | 7
/pup/folks/xy/hollow/yellow/1234567/usage | 1
/pup/police/xy/laptop/MASTER/hollow/1234567 | 1
/pup/folks/xy/hollow/yellow/1234567/usage | 1
/pup/police/xy/laptop/MASTER/hollow/123456 | 1
/pup/folks/xy/hollow/yellow/12345/usage | 1
/pup/folks/xy/hollow/yellow | 1
/pup/police/xy/laptop/MASTER/hollow/12345 | 1
/pup/folks/xy/hollow/yellow/123456/usage | 5
/pup/folks/xy/hollow/yellow/123456/usage | 5
/pup/folks/xy/hollow/yellow/123456/usage | 5
/pup/police/xy/laptop/MASTER/hollow/123456 | 5
/pup/police/xy/laptop/MASTER/hollow/123456 | 5
/pup/folks/xy/hollow/yellow/123456/usage | 4
Is there a way to show them like this? (Merge)
/pup/folks/xy/hollow/yellow/*/usage | 22
/pup/police/xy/laptop/MASTER/hollow/* | 13
↧