I have
Ex:
Search query 1:
I have one type of log, it contains Roll Number, Date of Joining, Class and etc
Search query 2:
Another log, it contains Name, Roll Number, Address and etc.
Aim:
Search query to obtain results in stats like
Roll Number, Name, Date of Joining
In single logs the above three fields are not available. Both logs are different sourcetypes. I am looking for another commands or techniques other than transaction command.
Thanks in advance
Try something like this:
sourcetype=name_source OR sourcetype=joining_date | stats values(name) as name values(joining_date) by roll_number
Right, the technique of using stats for joins. You can google for splunk join using stats
.
Another example at How to perform JOIN with STATS