Re: Join query with common fields from different l...

alico · ‎06-11-2020

Hello everyone,

I need to find common fields from two different logs. After finding common fields I need to extract the result as a table. I need help with the first part of my problem. I have two different log files with the names of AAA and BBB. How can I compare them and find the common fields?

Thank you.

twesty · ‎06-12-2020

Documentation relating to the join command can be found here: https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Join

for further assistance here, we really need to see a snapshot of the logs and what you're trying to do. It may be that there's also an answer within this site already so please check there 😊

alico · ‎06-12-2020

Thank you for your reply,

I already did research from documents but because of my lack of knowledge I couldn't resolve it. Let me change the question then and, be more specific about my question. I have two log files AAA and BBB. I want to add some fields from these logs, lets say A1 and A2 fields from AAA and B3 and B4 fields from BBB. They are not identical, I just want to add those fields and extract the output as a table. How can I do that?

to4kawa · ‎06-13-2020

index=yours source=AAA OR source=BBB
| fields A1 A2 B3 B4
| stats values(*) as *

I don't have any details at all, so that's about it.

Join query with common fields from different logs

fields

join

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services