https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704308#M238671 <P>Hello,</P><P>Thanks for your help,&nbsp; I am hoping for a way in the search to say something like if name from first query = servername1 then name from second query = teamname1.&nbsp; But, have no idea how to achieve that.</P><P>Thanks,</P><P>Tom</P> Wed, 13 Nov 2024 17:05:33 GMT mninansplunk 2024-11-13T17:05:33Z https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704302#M238669 <P>Hello,</P><P>Sorry, still trying to get the hang of Search queries.&nbsp; &nbsp;I am tasked with creating a table that displays a server name from one search, with a team name from another search that corresponds with the server name.&nbsp; In example,</P><P>1st Search&nbsp;</P><LI-CODE lang="markup">index="netscaler | table servername</LI-CODE><P>Results in a table like:</P><P>servername1</P><P>servername2</P><P>&nbsp;</P><P>2nd Search</P><LI-CODE lang="markup">index="main | table teamname</LI-CODE><P>Results in a table like</P><P>teamname1</P><P>teamname2</P><P>&nbsp;</P><P>I need to make 1 table that will display the corresponding teamname to the servername.&nbsp; Like If servername = servername2, display teamname2 in the same table row.</P><P>Does that make sense. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp; Let me know if any details are needed.&nbsp; Not sure how to do this one.</P><P>Thanks for any help,</P><P>Tom</P> Wed, 13 Nov 2024 16:08:53 GMT https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704302#M238669 mninansplunk 2024-11-13T16:08:53Z https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704305#M238670 <P>The two searches have no obvious relationship to each other.&nbsp; How is Splunk to know how to match a server name to a team name?</P> Wed, 13 Nov 2024 16:39:55 GMT https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704305#M238670 richgalloway 2024-11-13T16:39:55Z https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704308#M238671 <P>Hello,</P><P>Thanks for your help,&nbsp; I am hoping for a way in the search to say something like if name from first query = servername1 then name from second query = teamname1.&nbsp; But, have no idea how to achieve that.</P><P>Thanks,</P><P>Tom</P> Wed, 13 Nov 2024 17:05:33 GMT https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704308#M238671 mninansplunk 2024-11-13T17:05:33Z https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704310#M238672 <P>It might be helpful if you shared some sample (anonymised) events from your searches, preferably in raw format in codeblocks (using the &lt;/&gt; button above)</P> Wed, 13 Nov 2024 17:09:47 GMT https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704310#M238672 ITWhisperer 2024-11-13T17:09:47Z https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704312#M238673 <P>Yes, you said that in the OP, but what is the logic behind that matching?&nbsp; The query needs an algorithm it can use to pair servers with teams.&nbsp; Otherwise, you're looking at creating a lookup table that does the matching.</P> Wed, 13 Nov 2024 17:10:28 GMT https://community.splunk.com/t5/Splunk-Search/How-to-tie-in-2-different-event-sources-to-display-a-field-value/m-p/704312#M238673 richgalloway 2024-11-13T17:10:28Z