Hi Team,

Below is my query:

index= "abc*" sourcetype=600000304_gg_abs_ipc1 OR sourcetype=600000304_gg_abs_ipc2 "Message successfully sent to Cornerstone" source!="/var/log/messages"

I am getting result of " sourcetype=600000304_gg_abs_ipc1 

I am not getting result of 600000304_gg_abs_ipc2

I need result of both sourcetype in one frame.

Can someone help