Hi Team,
Below is my query:
index= "abc*" sourcetype=600000304_gg_abs_ipc1 OR sourcetype=600000304_gg_abs_ipc2 "Message successfully sent to Cornerstone" source!="/var/log/messages"
I am getting result of " sourcetype=600000304_gg_abs_ipc1
I am not getting result of 600000304_gg_abs_ipc2
I need result of both sourcetype in one frame.
Can someone help
