Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Distinct Count of Field1 and field2

heamik
Engager
‎11-02-2020 03:20 PM

I am trying to get a distinct count of tacking id from all of our production indexes. The issue I am running into is that for internal indexes my field of interest is named "trackingid" and for external indexes the field is named "trackingId". 

I have tried several things and can only get values for either internal or external, and or both in separate columns. I cannot get both fields renamed as "tid". Which would then be split by region based on host.

Labels (4)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-03-2020 01:29 AM 
| eval trackingid=coalesce(trackingid,trackingId)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-03-2020 01:29 AM 
| eval trackingid=coalesce(trackingid,trackingId)
0 Karma
Reply
Solved! Jump to solution

heamik
Engager
‎11-03-2020 06:50 AM

Thank you so much!!! That solved the problem perfectly!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...