Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Display only values found in two searches
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
atl215
New Member
05-03-2019
02:58 PM
index=rap sourcetype="joyner lucas"
| dedup albums| table albums
|append [search index=country sourcetype="lil Nas"
|dedup songs| table songs]
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
05-03-2019
05:30 PM
try this:
(index=rap sourcetype="joyner lucas" albums=*) OR (index=country sourcetype="lil Nas" songs=*)
| eval check_match = coalesce(albums,songs)
| stats count by check_match
| where count > 1
here is an example to try anywhere:
| makeresults count=1
| eval data = "x,y,z,123;;;x,y,z,124;;;x,y,z,125;;;x,y,z,126;;;a,b,c,123;;;a,b,c,134;;;a,b,c,125;;;a,b,c,136"
| makemv delim=";;;" data
| mvexpand data
| rex field=data "(?<idx>[^\,]+)\,(?<st>[^\,]+)\,(?<letter>[^\,]+)\,(?<number>.+)"
| eval album = if(idx=="x",number,null())
| eval song = if(idx="a",number,null())
| table idx st album song
| rename COMMENT as "the above generates data below is the solution"
| search (idx=x st=y album=*) OR (idx=a st=b song=*)
| eval check_match = coalesce(album,song)
| stats count by check_match
| where count > 1
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
atl215
New Member
05-06-2019
07:00 AM
From this answer, how would I chart the matches of this search?
(index=rap sourcetype="joyner lucas" albums=*) OR (index=country sourcetype="lil Nas" songs=*)
| eval check_match = coalesce(albums,songs)
| stats count by check_match
| where count > 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
05-03-2019
05:30 PM
try this:
(index=rap sourcetype="joyner lucas" albums=*) OR (index=country sourcetype="lil Nas" songs=*)
| eval check_match = coalesce(albums,songs)
| stats count by check_match
| where count > 1
here is an example to try anywhere:
| makeresults count=1
| eval data = "x,y,z,123;;;x,y,z,124;;;x,y,z,125;;;x,y,z,126;;;a,b,c,123;;;a,b,c,134;;;a,b,c,125;;;a,b,c,136"
| makemv delim=";;;" data
| mvexpand data
| rex field=data "(?<idx>[^\,]+)\,(?<st>[^\,]+)\,(?<letter>[^\,]+)\,(?<number>.+)"
| eval album = if(idx=="x",number,null())
| eval song = if(idx="a",number,null())
| table idx st album song
| rename COMMENT as "the above generates data below is the solution"
| search (idx=x st=y album=*) OR (idx=a st=b song=*)
| eval check_match = coalesce(album,song)
| stats count by check_match
| where count > 1
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
atl215
New Member
05-03-2019
02:59 PM
I would like to list the values that match
Get Updates on the Splunk Community!
Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows
Modern business operations are supported by data compliance. As regulations evolve, organizations must ...
New Dates, New City: Save the Date for .conf25!
Wake up, babe! New .conf25 dates AND location just dropped!!
That's right, this year, .conf25 is taking place ...
Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud
Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud
In today’s fast-paced digital ...
