I have a data set like the following:
01/21/2013 /root1/url,/root2/url,/root2/url
02/22/2013 /root1/url,/root3/url
and I would like to generate a report like the following
event root count urls
1 root1 1 /root1/url
1 root2 2 /root2/url
/root2/url
2 root1 1 /root1/url
2 root3 1 /root3/url
Is there a way to get what I want using splunk functions where urls are filterd by root in the same row. I was able to use "makemv" and "streamstats" to get the first 3 fields but not able to filter urls based on root value.
