- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Join query with common fields from different logs
Hello everyone,
I need to find common fields from two different logs. After finding common fields I need to extract the result as a table. I need help with the first part of my problem. I have two different log files with the names of AAA and BBB. How can I compare them and find the common fields?
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Documentation relating to the join command can be found here: https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Join
for further assistance here, we really need to see a snapshot of the logs and what you're trying to do. It may be that there's also an answer within this site already so please check there 😊
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply,
I already did research from documents but because of my lack of knowledge I couldn't resolve it. Let me change the question then and, be more specific about my question. I have two log files AAA and BBB. I want to add some fields from these logs, lets say A1 and A2 fields from AAA and B3 and B4 fields from BBB. They are not identical, I just want to add those fields and extract the output as a table. How can I do that?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=yours source=AAA OR source=BBB
| fields A1 A2 B3 B4
| stats values(*) as *
I don't have any details at all, so that's about it.
