Re: How to combine two searches so that I can get ...

anil_kr01 · ‎05-10-2016

Hi

I have a serach which will gives the Top 4 records.

Example

Search1 result looks like

Col-1

ABC
DEF
GHI
JKL

I have one another search which gives the result like:

Search2 result looks like:

Col-1 Col-2

ABC 123
DEF 456
GHI 789
ABC 101
JKL 112
MNO 131
PQR 415
STU 161
VWX 718

How can I get the below result using the 2 searches above (Only those rows from Search2 whose Col-1 value is present in Search1 Col-1)?

Expected Final Result Table

Col-1 Col-2

ABC 123
DEF 456
GHI 789
ABC 101
JKL 112

Please guide/help me.

bainskaransingh · ‎05-11-2016

You can try this:

search2 | table Col1, col2| join Col1 [search search1| table Col1]

Please let me know if this doesn't work and mark as answered if it works

sundareshr · ‎05-11-2016

Try this...

source=A OR source=B | eventstats dc(source) as x by col1 | where x=1 AND source=B | table col1 col2

ctaf · ‎05-10-2016

Hello,

Have you tried :

Query 2 [ Query 1 ]

anil_kr01 · ‎05-11-2016

I downvoted this post because the suggested way is not working....

anil_kr01 · ‎05-10-2016

I have tried that but it doesn't work 😞

ctaf · ‎05-10-2016

Is the field name of Col-1 is the same in both queries?

anil_kr01 · ‎05-10-2016

Yes! it is same in both the query.

How to combine two searches so that I can get only those rows from Search2 whose Col-1 value is present in Search1 Col-1?