I have 2 queries and need to show the result of both in one table
index=someindex queryType="ts" filename=PNASC.HRBDT status=1 | dedup filename |rename filename as Daily| stats count(Daily)
index=someindex queryType="ts" filename=RECON status=1 | dedup filename |rename filename as Weekly | stats count(Weekly)
both the above queries work individually but when joined as below
index=someindex queryType="ts" filename=RECON status=1| dedup filename |rename filename as Weekly| join queryType [search index=someindex queryType="ts" filename=PNASC.HRBDT status=1 | dedup filename |rename filename as Daily ]| stats count(Daily),count(Weekly)
gives incorrect output
1 Solution
