- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
snehalk
Communicator
12-30-2016
03:31 AM
Hello All,
I have the requirement where i need to marge two search query values depending on parameter.
Example:
Result of Query 1:
ID Email Status
1 xyz@abc Pass
2 dd@fd Fail
Result Query 2
ID Email Status
1 xyz@abc Fail
2 dd@fd Fail
What i want as final result
Final Query [ query 1 + query 2 ]
ID Email Status
1 xyz@abc Fail
2 dd@fd Fail
Because the Id with 1 and email id with xyz@abc failed in second result .
I have used append and appendcols but its not working,.
So can any one help me on this?
Thanks!!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
snehalk
Communicator
01-02-2017
02:49 AM
Hi All,
I got the answer for this problem. the query is as follow.
search query 1 | stats count by ID,Email,Status1 | appendcols [search query 2 | stats count by ID,Email,Status2 ] | eval finalstatus=if ( Status1= Pass AND Status2= Pass, "Pass", Fail) | stats count by finalstatus
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
snehalk
Communicator
01-02-2017
02:49 AM
Hi All,
I got the answer for this problem. the query is as follow.
search query 1 | stats count by ID,Email,Status1 | appendcols [search query 2 | stats count by ID,Email,Status2 ] | eval finalstatus=if ( Status1= Pass AND Status2= Pass, "Pass", Fail) | stats count by finalstatus
