Splunk Search

How to merge two tables to get result in one table

avi7326
Path Finder

How to get a single table from this query, having all the correlationId values together in one table?


ITWhisperer
SplunkTrust

Your join has already created a single table. However, you might want to consider including both sourcetypes and filters in the same initial search, then collate the events with a stats command.


avi7326
Path Finder

What else can I do to get the correlationId in one table, as this query is comparing and giving the common results?

(sourcetype=bmw-crm-wh-sl-sfdc-subscribe-pe-int-api ("Received platform event for CUSTOMER"))
| table properties.correlationId
| join left=L right=R type=inner where L.properties.correlationId=R.properties.correlationId [search sourcetype=bmw-pl-customer-int-api ("recipient : *.ESOCRM") | table properties.correlationId]

And can I use join again in this query?


ITWhisperer
SplunkTrust
(sourcetype=bmw-crm-wh-sl-sfdc-subscribe-pe-int-api ("Received platform event for CUSTOMER")) OR (sourcetype=bmw-pl-customer-int-api ("recipient : *.ESOCRM"))
| stats values(*) as * by properties.correlationId
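The search-then-stats approach from the answer above, as an added example that is not part of the original thread: it generates five constructed events with makeresults, groups them per properties.correlationId, and marks which IDs appear in both sourcetypes. The id-A to id-D values and the field names n, cid, sourcetypes, sourcetype_count and in_both are made up for illustration.

```spl
| makeresults count=5
| streamstats count as n
| eval sourcetype=if(n<=3, "bmw-crm-wh-sl-sfdc-subscribe-pe-int-api", "bmw-pl-customer-int-api")
| eval cid=case(n=1, "id-A", n=2, "id-B", n=3, "id-C", n=4, "id-B", n=5, "id-D")
| rename cid as "properties.correlationId"
| stats values(sourcetype) as sourcetypes dc(sourcetype) as sourcetype_count by properties.correlationId
| eval in_both=if(sourcetype_count=2, "yes", "no")
```

This returns one row per correlationId (four rows here, with only id-B marked in_both=yes); appending `| where sourcetype_count=2` keeps just the IDs the inner join would have returned.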