Solved: how to use search command combine the 2 rows recor...

mwong · ‎02-24-2013

I run the search and it come up with 2 records with 2 fields common in value. Any idea how to combine the 2 record into 1 record?

sourcetype="AAA"|table A_id, B_id, A_start, A_end, B_start, B_end

daniel_splunk · ‎02-24-2013

From your result, if either A-id or B-id have value but not both, you can use strcat to combine it and then use the stats function to get the result.

For example,
sourcetype="AAA"|strcat A-id B-id combine|table combine, A-start, A-end, B-start, B-end|stats max(*) by combine

daniel_splunk · ‎02-24-2013

From your result, if either A-id or B-id have value but not both, you can use strcat to combine it and then use the stats function to get the result.

For example,
sourcetype="AAA"|strcat A-id B-id combine|table combine, A-start, A-end, B-start, B-end|stats max(*) by combine

how to use search command combine the 2 rows records into 1 row