Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Get full join result of two logs

foloyo1314
Engager
‎12-19-2012 01:41 AM

How to get full join result of the below two logs:
log1:
ID, value1
1,aaa
1,abc

log2:
ID, value2
1,X1
1,X4
When join the two logs with source=log1 join type=inner ID [search source=log2] , it will get results like
ID,value1,value2
1,aaa,X1
1,abc,X1
How can I get the full join of the two logs like:
ID,value1,value2
1,aaa,X1
1,abc,X1
1,aaa,X4
1,abc,X4
Thanks!

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎12-19-2012 02:25 AM

You're probably looking for the max=0 option of the join command, enabling the re-use of a previously joined event for more joins. Note though, for large inputs this may yield huge result sets.

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎12-19-2012 02:25 AM

You're probably looking for the max=0 option of the join command, enabling the re-use of a previously joined event for more joins. Note though, for large inputs this may yield huge result sets.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎04-05-2013 08:01 AM

The question of how to get the full join was indeed solved by setting max=0. If you have a different problem not solved by this you should ask a separate question.

0 Karma
Reply
Solved! Jump to solution

smolcj
Builder
‎04-05-2013 05:47 AM

😞 How this is solved?? even i am looking for same solution.. i have 3 joins in my query 😞 but appending max=0 didn't solve my issue 😞

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...