Hello thank you for reaching out to me and for the code you have provided I truly appreciate your time!. To answer your question: Yes my main issue is to associate the first tag with the second tag so that I can know what final combination a client got in order to tell if the nickname change was successful. to answer if there is a piece of information to identify each "transaction" yes there is, is a field name "chip_id_page08" this is a unique number that will be recorded  through  the two stages something like this:

and even though the ID will always be recorded in the same manner, the field "chip_id_Page08" will have a unique number combination to identify each attempt so thank you so much for making me aware of that! 

You say I could do a Join then... and my heart started to beat faster but in the documentation I dont really see how to do it, plus Splunk does not allow me to "store" a table in a variable to later on do a join as I would do in Python, I will be So thankful and grateful if you have the time to show me a code that could work well adding the field "chip_id_Page08" I will be eager to hear from you again thanks a lot.

PD: As you correctly point out list() is also showing some "errors-- I believe from splunk" like a bunch of "internal code" I guess the machine is doing

Kindly,

Cindy

@ITWhisperer    I am in tears almost I am speechless thank you for taking the time to help me and for teaching me along the way like.... I was thinking about quitting my job my new boss has now demanded that we use Splunk to do everything we used to do in SQL or JAVA or python and we haven't received proper training yet, he is already asking us to do many things... I couldn't find any online course for free other than Splunk fundamentals one but  that course alone won't train me enough to do all the things I can do in other softwares. Thank you so much   @ITWhisperer  I have one final question I promise, I have a friend that has to do something similar as I did but the event or logs that she has do not have the luxury of a common "identifier" however they do happen sequentially  in 3 stages, each stage has its own "payment id" if she could pass the "payment id" to the following stages she could now have a common identifier throught the 3 stages by client ... how would one go around doing that? is it better to ask that in another question?

@ITWhisperer  Thanks a Million from the very bottom of my heart , where can I send a congratulatory  letter to Splunk about you?

@cindygibbs_08 Thank you for acknowledging (and karma'ing) the help you received from @ITWhisperer - it's what the Splunk community is all about!

@cindygibbs_08 You are welcome. Quitting your job would be a bit extreme. You can always ask questions here, and usually someone in the community will have some sort of an answer. Once you get the hang of it, splunk can do a lot of things, although not everything, and it isn't always easy. As with most things, it is about using the right tool for the right job.

For your friends question, it is probably best to submit a new question to keep the subject separate, so others can find it more easily if they have a similar question, but, in a nut-shell, the answer may lie in transactions, or potentially streamstats and eventstats (hard to know without the details). There is often more than one way to crack a nut. The more detail your friend can provide the better. If the problem statement is too vague or over-simplified, it will only generate more questions, and inappropriate solutions.

As far as congratulatory messages, there is no need, but if you really want to, you could try messaging one of the community managers e.g. @bjennewein or @sensitive-thug or someone like that, they are usually interested in how the community is helping their customers.