Hi,
I want to join two searches without using the join command.
I don't want to use the join command because of optimization issues.
The index name is the same for both searches, but I was using different aggregate functions with the search.
Hi,
You can use the same search for this optimization issue.
I prefer to write it like this:
index=indexname
| stats dc(yourfield) AS distinct_count count(eval(anotherfield="fieldvalue")) AS matching_count by other field names
Thanks, I was looking for this one.
Hi,
If I was able to answer your query, can you please mark this answer as accepted?
@soumidutta,
Would it be possible to provide more details? Do you have a common field in both searches? Or how do you want to join them? What do the events look like, and what's your expected output?