Splunk ITSI
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Correlating events from 2 different indexers when there is no common field

vijaya5
Engager
‎04-14-2020 02:44 AM

Hi,

I have 2 different indexers snmptrapd and servicenow.

Where snmptrap will have NNMI related events for storage devices, such as when any storage device is down/not functional

and servicenow indexer will have incident related events from CMDB data.

So i need to get events with storage device down along with respective Incident data.

Is there any possibility to correlate these 2 indexers, so that i can get required

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-14-2020 05:42 AM

I believe "indexers" is mis-used here and should be "indexes".

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

harishalipaka
Motivator
‎04-14-2020 03:15 AM

@vijaya5

Can you provide sample data ?

Thanks
Harish
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎04-14-2020 05:18 AM

with expected results 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top