topic Re: Correlating events from 2 different indexers when there is no common field in Splunk ITSI https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475621#M1748 <P>with expected results <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P> Tue, 14 Apr 2020 12:18:32 GMT kamlesh_vaghela 2020-04-14T12:18:32Z Correlating events from 2 different indexers when there is no common field https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475619#M1746 <P>Hi,</P> <P>I have 2 different indexers snmptrapd and servicenow.</P> <P>Where snmptrap will have NNMI related events for storage devices, such as when any storage device is down/not functional</P> <P>and servicenow indexer will have incident related events from CMDB data.</P> <P>So i need to get events with storage device down along with respective Incident data.</P> <P>Is there any possibility to correlate these 2 indexers, so that i can get required</P> Sun, 07 Jun 2020 00:21:43 GMT https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475619#M1746 vijaya5 2020-06-07T00:21:43Z Re: Correlating events from 2 different indexers when there is no common field https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475620#M1747 <P>@vijaya5 </P> <P>Can you provide sample data ?</P> Tue, 14 Apr 2020 10:15:55 GMT https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475620#M1747 harishalipaka 2020-04-14T10:15:55Z Re: Correlating events from 2 different indexers when there is no common field https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475621#M1748 <P>with expected results <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P> Tue, 14 Apr 2020 12:18:32 GMT https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475621#M1748 kamlesh_vaghela 2020-04-14T12:18:32Z Re: Correlating events from 2 different indexers when there is no common field https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475622#M1749 <P>I believe "indexers" is mis-used here and should be "indexes".</P> Tue, 14 Apr 2020 12:42:22 GMT https://community.splunk.com/t5/Splunk-ITSI/Correlating-events-from-2-different-indexers-when-there-is-no/m-p/475622#M1749 richgalloway 2020-04-14T12:42:22Z