-
START YOUR TRIAL
-
DEVICE INTEGRATION
-
CONNECTORS
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
ANALYZE IN STYLE
-
SECURITY MONITORING
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
TROUBLESHOOTING AND DEBUGGING
-
LICENSE MANAGEMENT
-
RELEASE NOTES
-
API
-
POLICIES
-
SECURITY BULLETINS
Groupby
The groupby pipe will help you organize data in groups and calculate some kind of aggregate statistics for these mentioned groups. It basically groups rows with the same value into one group or bucket. Let's see how it works.
The following syntax shows the position of the Groupby Clause in a query.
stream=firewall | groupby dstcn
The above query will group the results as per destination country for each event where the stream is firewall as shown below: