https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305402#M91696 <P>Hi urapaveerapan,<BR /> you can try to use </P> <PRE><CODE>Category="*short_description*" OR Subategory="*short_description*" </CODE></PRE> <P>Or try using the like option (see at <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/ConditionalFunctions">http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/ConditionalFunctions</A>)</P> <PRE><CODE>... | where like(Category, "%short_description%") OR like(Subcategory, "%short_description%") </CODE></PRE> <P>Obviously this search will be not so quick!</P> <P>Bye.<BR /> Giuseppe</P> Mon, 22 May 2017 08:32:29 GMT gcusello 2017-05-22T08:32:29Z https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305399#M91693 <P>Hi</P> <P>I'm very new in Splunk, I'd like to find the event where the short description contain the "Category" or "Subcategory field. (Example in the the yellow highlight.<BR /> Other than the field value, how can I match the related words between the fields? <BR /> For example, <BR /> "CBM Precast" related to "Truck loading" and "GI"<BR /> If the Splunk found "Truck loading" or"GI", it also mean that this event match with "Category" field as well.</P> <P>Please help!!</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/2973i0172B29D1D111F2B/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Sun, 21 May 2017 14:59:06 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305399#M91693 urapaveerapan 2017-05-21T14:59:06Z https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305400#M91694 <P>Hi urapaveerapan,<BR /> you have to create a simple search like the following:<BR /> if you want a value that fully matches the Category field</P> <PRE><CODE>index=your_index sourcetype=your_sourcetype Category="CBM Precast" | ... </CODE></PRE> <P>if you want a value that partially matches the Category field</P> <PRE><CODE>index=your_index sourcetype=your_sourcetype Category="*Precast*" | ... </CODE></PRE> <P>or if you're not sure of the field to use in search</P> <PRE><CODE>index=your_index sourcetype=your_sourcetype Precast | ... </CODE></PRE> <P>Beware that the field name is case sensitive, instead field value isn't.</P> <P>I suggest to follow the search tutorial that you can find at <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchTutorial/WelcometotheSearchTutorial">http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchTutorial/WelcometotheSearchTutorial</A></P> <P>Bye.<BR /> Giuseppe</P> Mon, 22 May 2017 07:20:46 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305400#M91694 gcusello 2017-05-22T07:20:46Z https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305401#M91695 <P>Dear Giuseppe,</P> <P>The search item is dynamic. It depend on the value in Category or Subcategory fields. So I cannot fill the extact word in its.<BR /> Let say, if it is sql query, it gonna be like<BR /> select * from [table_name] where [short description] like '%'||Category||'%' or [short description] like '%'||Subcategory||'%'</P> Mon, 22 May 2017 08:04:16 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305401#M91695 urapaveerapan 2017-05-22T08:04:16Z https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305402#M91696 <P>Hi urapaveerapan,<BR /> you can try to use </P> <PRE><CODE>Category="*short_description*" OR Subategory="*short_description*" </CODE></PRE> <P>Or try using the like option (see at <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/ConditionalFunctions">http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/ConditionalFunctions</A>)</P> <PRE><CODE>... | where like(Category, "%short_description%") OR like(Subcategory, "%short_description%") </CODE></PRE> <P>Obviously this search will be not so quick!</P> <P>Bye.<BR /> Giuseppe</P> Mon, 22 May 2017 08:32:29 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-if-data-contain-value-from-the-other-fields/m-p/305402#M91696 gcusello 2017-05-22T08:32:29Z