I want to know why this code is not working:
index="malecious_url" OR index="surikata" | fields http2, http | where (http==http2)
I want to compare them and show which thing is similar in 2 fields that I created in 2 different indexes and sourcetypes.
== is equal. Similar is not the same statement. So, if the fields do not match exactly, you will get no results. Try a table http, http2 on the end and skim the results to see how they look compared to each other.
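An added example, not part of the original posts: one way to list values that occur in both indexes, assuming each event carries only one of `http` or `http2`, so a per-event `where` comparison has nothing to match against. The `url`, `index_count` and `indexes` field names and the `lower(trim(...))` normalization are assumptions introduced here.

```spl
index="malecious_url" OR index="surikata"
| eval url=lower(trim(coalesce(http, http2)))
| where isnotnull(url)
| stats dc(index) AS index_count values(index) AS indexes count BY url
| where index_count=2
| table url indexes count
```

The comparison is still an exact match after normalization, so values that differ by scheme, port or path will not pair up until they are reduced to a common form in the `eval`.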