https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169867#M186276 <P>Could be more specific on what do you mean by merging/combining the results? Probably the output/table you're looking for.</P> Fri, 28 Feb 2014 14:05:54 GMT somesoni2 2014-02-28T14:05:54Z https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169865#M186274 <P>As first, sry for my bad english.</P> <P>At the moment i making a praktical training<BR /> My ask is to analyze exim4 Logs. My Problem is for example if search for a Message ID, i find 3 results. How can i combine/emerge this three results in one results?</P> <P>Thank you.<BR /> FloFa</P> Fri, 28 Feb 2014 09:36:44 GMT https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169865#M186274 FloFa 2014-02-28T09:36:44Z https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169866#M186275 <P>Hi FloFa,</P> <P>You have several options, here are two :<BR /> - use "stats" function, to group you 3 messages : | stats ... by MessageID<BR /> - if you need the raw content from the events, have a look a the "transaction" command : | transaction MessageID |...</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/5.0.7/SearchReference/ListOfSearchCommands">http://docs.splunk.com/Documentation/Splunk/5.0.7/SearchReference/ListOfSearchCommands</A></P> Fri, 28 Feb 2014 13:39:20 GMT https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169866#M186275 sbsbb 2014-02-28T13:39:20Z https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169867#M186276 <P>Could be more specific on what do you mean by merging/combining the results? Probably the output/table you're looking for.</P> Fri, 28 Feb 2014 14:05:54 GMT https://community.splunk.com/t5/Splunk-Search/Combine-Merge-results-from-Exim-Search/m-p/169867#M186276 somesoni2 2014-02-28T14:05:54Z