Solved: How can I take keywords from a field in a search, ...

shiv1593 · ‎02-06-2018

Hi All,

I have two data fields, called "Issues" and "Complete issue" which look like this.

What I want to do is that I want to use keywords like SAP,MCAFEE,AD,WINDOWS,USER*INFORMATION ( I want to use both of these words to get involved in the search), VPN from the field called "Issues", and look for them in the field called "Complete issue" and turn the search results to look like this. In simple words, use the keywords from "Issues", look for them in "Complete issue" and whichever search field contains any of those words, bring them together just like below.

How can I do this?

Thank you in advance

mdsnmss · ‎02-07-2018

This appears to be about a duplicate of this: https://answers.splunk.com/answers/616151/using-values-of-a-field-compare-them-in-another-fi.html#an.... The method used there can be used to match keywords like this.

View solution in original post

mdsnmss · ‎02-07-2018

This appears to be about a duplicate of this: https://answers.splunk.com/answers/616151/using-values-of-a-field-compare-them-in-another-fi.html#an.... The method used there can be used to match keywords like this.

skoelpin · ‎02-06-2018

This may be helpful

https://answers.splunk.com/answers/545342/compare-values-from-2-string-fields-and-identify-m.html

How can I take keywords from a field in a search, compare them to another field in the search and the field values that match the keyword, bring them together?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann