Find Fields With S3Bucket in Class | LogScale Query Examples | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 1 minutes

Find Fields With S3Bucket in Class

Query

Search Repository: humio

logscale

wildcard(field=class, pattern="*S3Bucket*", ignoreCase=true)
| groupBy(class)

Introduction

Find all events containing any S3Bucket item (and all before and after) in their class, and count the occurrences for each class that is found.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Filter/] 1{{Aggregate}} result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
wildcard(field=class, pattern="*S3Bucket*", ignoreCase=true)
```
Searches the incoming data to list all events having S3Bucket (or everything around it, case-insensitive) in their string.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Filter/] 1{{Aggregate}} result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
| groupBy(class)
```
Takes the events extracted from the search and group them by the class field.
Event Result set.

Summary and Results

The result is an aggregated count of all events matching anything with S3Bucket, case-insensitive, in the class field.

class	_count
c.h.b.s.S3BucketStorageCleaningJob	197
c.h.b.s.S3BucketStorageFileUpLoader	2329
c.h.b.s.S3BucketStorageUploadJob	3869

Figure 1. Search S3Bucket With wildcard()

Enter search term