I have a serach which will gives the Top 4 records.
Search1 result looks like
I have one another search which gives the result like:
Search2 result looks like:
How can I get the below result using the 2 searches above (Only those rows from Search2 whose Col-1 value is present in Search1 Col-1)?
Expected Final Result Table
Please guide/help me.
I downvoted this post because the suggested way is not working....
source=A OR source=B | eventstats dc(source) as x by col1 | where x=1 AND source=B | table col1 col2
You can try this:
search2 | table Col1, col2| join Col1 [search search1| table Col1]
Please let me know if this doesn't work and mark as answered if it works