It would help to see examples of your data, your existing searches, and what you want in the results.
Keep in mind that Splunk is not SQL. In Splunk, a table is a data display format, not an input.
Thanks for the reply.
Sample Query for better understanding the scenario:
| join type=inner Code[search source="Table2.csv" ]
| eval NewField = "October"
| table Table_new Table1field1, Table2field1, NewField
Is there a way I can store "Table_new" so that I can use it in a different query? Or is there a different and efficient way to do it?
Thanks in advance!
Have a look at the outputlookup command, which would replace the table command. It stores the query output in a file which a subsequent query can read using
Thank you, that worked.