Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Combine data from 2 indexes

hvdtol
Path Finder
‎08-26-2021 03:01 AM

Hi,

I am trying to combine data from 2 indexen, but i find it hard to do.
I tried several stats values command, but that  did not gave me the solution
This is my source:

collection        hostname        stage          stagedata
                                                        st1               A1234;DEF
                                                        st1               A3456;XYZ
                                                        st2                A7890;XYZ
                                                        st3                B1234;ABC
COLLA               h1                     st1
COLLA              h2                     st1
COLLB              h3                      st2
COLLB              h4                      st2
COLLC             h5                       st1
COLLD              h6                       st3


An this is what i am trying to accomplice:

collection hostname            stage     stagedata
COLLA       h1                           st1          A1234;DEF
                                                                      A3456;XYZ
COLLA       h2                           st1          A1234;DEF
                                                                      A3456;XYZ
COLLB      h3                           st2           A7890;XYZ
COLLB     h4                            st2           A7890;XYZ
COLLC    h5                             st1           A1234;DEF
                                                                       A3456;XYZ
COLLD     h6                           st3            B1234;ABC

Any help would be appreciated.

Regards,

Harry

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hvdtol
Path Finder
‎08-26-2021 03:34 AM

Aah, the trick is to combine fields....
Of course. Very smart.

Thank you very much.

Regards,

Harry

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

hvdtol
Path Finder
‎08-26-2021 03:34 AM

Aah, the trick is to combine fields....
Of course. Very smart.

Thank you very much.

Regards,

Harry

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-26-2021 04:11 AM

Please can you mark the solution as the solution rather than your response to the solution?

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-26-2021 03:17 AM 
| makeresults 
| eval _raw="collection,hostname,stage,stagedata
,,st1,A1234;DEF
,,st1,A3456;XYZ
,,st2,A7890;XYZ
,,st3,B1234;ABC
COLLA,h1,st1
COLLA,h2,st1
COLLB,h3,st2
COLLB,h4,st2
COLLC,h5,st1
COLLD,h6,st3"
| multikv forceheader=1
| table collection hostname stage stagedata



| eval collectionhost=collection."!".hostname
| fields - collection hostname
| stats values(*) as * by stage
| stats values(*) as * by collectionhost stage
| eval collection=mvindex(split(collectionhost,"!"),0)
| eval hostname=mvindex(split(collectionhost,"!"),1)
| table collection hostname stage stagedata
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...

From GPU to Application: Monitoring Cisco AI Infrastructure with Splunk Observability ...

AI workloads are different. They demand specialized infrastructure—powerful GPUs, enterprise-grade networking, ...

Application management with Targeted Application Install for Victoria Experience

  Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...