Synopsis

Groups events according to column values.

^{group by [column_name] (in [Format_Type] format)(["Input_Unit"],)(["Output_Unit"]) (, [column_name] …)}

^column_name

Syntax: <character string>

Description: The name of the column header according to which events are to be grouped.

^column_name

Syntax: <character string>

Description: The name of additional column headers according to which events are to be sub-grouped. Column names should be comma separated.

^Format_Type

Syntax: number, simple, time, date, volume, regexp, expression, query, exception, replace, or useragentdetect

Description: The display format of the column header values in the summary table. See format.

Description

Creates a summary table that categorizes events according to their grouping. Must be preceded by a function.

Example 1:

^{* in log.access | count | group by url}

Returns the number of events from each URL.