Synopsis

Groups events according to column values.

Syntax

group by [column_name] (in [Format_Type] format)(["Input_Unit"],)(["Output_Unit"]) (, [column_name] …)  

Required Arguments

column_name

Syntax: <character string>

Description: The name of the column header according to which events are to be grouped.

Optional Arguments

column_name

Syntax: <character string>

Description: The name of additional column headers according to which events are to be sub-grouped. Column names should be comma separated.

Format_Type

Syntax: number, simple, time, date, volume, regexp, expression, query, exception, replace, or useragentdetect

Description: The display format of the column header values in the summary table. See format.

Description

Creates a summary table that categorizes events according to their grouping. Must be preceded by a function.

Examples

* in log.access | count | group by url  

 Returns the number of events from each URL.