Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine data based on a common field?

anooshac
Communicator
‎06-13-2022 05:43 AM

Hi all, i have some data task name, execution date, link uploaded earlier. Now i want to add some more data related to the task name they are component name, number of components. If i upload the 2nd data in the form task name , component name, number of components will i be able to get all data together based on one common field task name. Can anyone knows is there any solution for this?

My data are task name, execution date, link and the next set of data  is task name , component name, number of components.

Labels (2)
Labels
Tags (2)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-13-2022 05:53 AM

Yes, you can either use join or stats by task name to aggregate the values from the fields on a common take name.

0 Karma
Reply

anooshac
Communicator
‎06-13-2022 06:49 AM

I don't want to just display the data directly using stats. My raw data has alot of processing to do and using join i am joining all these processed results. Is there any solution other than this?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-13-2022 07:09 AM

Stats, just like any command, works on the events in the pipeline; you can choose where you put the stats command; you can have more than one stats command if that helps your use case.

0 Karma
Reply

anooshac
Communicator
‎06-14-2022 02:57 AM

when i use stats all the data including the data i don't want to display also shows. How to avoid these? I tried by putting table command after stats for the selected data but that doesn't work.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-14-2022 03:01 AM

The table command can be used to limit the fields/columns - the where command can be used to limit the event/rows

0 Karma
Reply

anooshac
Communicator
‎06-17-2022 04:08 AM

Okay. Thank you so much.

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...
Top