Splunk Search

Join query with common fields from different logs

alico
Observer

Hello everyone,

I need to find common fields from two different logs. After finding common fields I need to extract the result as a table. I need help with the first part of my problem. I have two different log files with the names of AAA and BBB. How can I compare them and find the common fields? 

Thank you.

 

0 Karma

twesty
SplunkTrust

Documentation relating to the join command can be found here: https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Join

 

For further assistance here, we really need to see a snapshot of the logs and what you're trying to do. It may be that there's also an answer within this site already, so please check there 😊

0 Karma

alico
Observer

Thank you for your reply,

I already did research from documents, but because of my lack of knowledge I couldn't resolve it. Let me change the question then, and be more specific about my question. I have two log files, AAA and BBB. I want to add some fields from these logs, let's say A1 and A2 fields from AAA and B3 and B4 fields from BBB. They are not identical, I just want to add those fields and extract the output as a table. How can I do that?

0 Karma

to4kawa
SplunkTrust

index=yours source=AAA OR source=BBB
| fields  A1  A2  B3  B4
| stats values(*) as *

I don't have any details at all, so that's about it.

0 Karma