Combine/Merge results from Exim Search

New Member

First of all, sorry for my bad English.

At the moment I am doing a practical training.
My task is to analyze exim4 logs. My problem is, for example, that if I search for a Message ID, I find 3 results. How can I combine/merge these three results into one result?

Thank you.
FloFa

0 Karma
Re: Combine/Merge results from Exim Search

Builder

Hi FloFa,

You have several options; here are two:
- use the "stats" function to group your 3 messages: | stats ... by MessageID
- if you need the raw content from the events, have a look at the "transaction" command: | transaction MessageID |...

http://docs.splunk.com/Documentation/Splunk/5.0.7/SearchReference/ListOfSearchCommands

0 Karma
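
The two options from the reply above, written out as an added example that is not part of the original posts or of Splunk's documentation. The index name (mail), the sourcetype name (exim_main) and the rex extractions are assumptions for a standard exim4 mainlog where the message ID follows the date and time; MessageID is the field name used in the thread. The first search is the "stats" variant, the second the "transaction" variant.

```spl
index=mail sourcetype=exim_main
| rex "^\S+ \S+ (?<MessageID>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (?<flag><=|=>|->|\*\*|==|Completed)"
| rex "<= (?<sender>\S+)"
| rex "(?:=>|->) (?<recipient>\S+)"
| stats min(_time) AS received max(_time) AS finished count AS events values(sender) AS sender values(recipient) AS recipient values(flag) AS flags BY MessageID
| eval queue_seconds = finished - received
| convert ctime(received) ctime(finished)

index=mail sourcetype=exim_main
| rex "^\S+ \S+ (?<MessageID>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
| transaction MessageID maxspan=1h
| table _time MessageID duration eventcount _raw
```

The stats search returns one summary row per MessageID (arrival, delivery and Completed lines collapsed into one), while transaction keeps the raw text of all grouped events in _raw and adds the duration and eventcount fields.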
Re: Combine/Merge results from Exim Search

SplunkTrust

Could you be more specific about what you mean by merging/combining the results? Probably the output/table you're looking for.

0 Karma