Re: How do i create this kind of relationship of t...

DiegoAlba · ‎04-05-2017

For example
ID field1. ID field2
1 A. 1 X
2 B. 2. Y
1. E. 1. Z
AND I WHAT TO GET THIS
ID field1. field2
1. A. X
1. A. Z
2. B. Y
1. E. X
1. E. Z
Can someone of you help me please

javiergn · ‎04-06-2017

Sorry I'm a bit confused about your example.

So assuming you have two tables:

Table1 (represented by mycsv.csv in the sample below) like this:

ID,field1
1,A
2,B
1,E
Table 2 (represented by mycsv2.csv in the sample below) like this:

ID,field2
1,X
2,Y
1,Z

The following code:

| inputcsv mycsv.csv 
| join max=0 ID [ | inputcsv mycsv2.csv ]

Will provide the following output:

ID  field1  field2
1   A   X
1   A   Z
2   B   Y
1   E   X
1   E   Z

As per the attached picture.

Is that what you are looking for?

Thanks,
J

DiegoAlba · ‎04-06-2017

Hello Javier.

What you understood is exactly what i tried to Say.
Thank you so much!

javiergn · ‎04-07-2017

Hi @DiegoAlba,

If you are happy with the response please don't forget to mark this as answered so that others can benefit from it in future.

Thanks,
J

How do i create this kind of relationship of two indexes

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?