Splunk Search

Joining of two fields order by

swetar
New Member

2018/17/25 19:37:27 Field1="0" FIELD_TEXT="Select"
2018/17/25 10:30:17 Field1="0" FIELD_TEXT="name"
2018/17/25 06:9:00 Field1="2" FIELD_TEXT="from "
2018/17/25 00:00:00 Field1="4" FIELD_TEXT="table"
2018/17/25 00:00:00 Field1="4" FIELD_TEXT="table2"

Required o/p
FIELD_TEXT
Select name from table table2

I wanted to display the FIELD_TEXT value order by Field1
CAn any one suggest me, how can I achieve this

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Perhaps this will help.

... | sort Field1 | table FIELD_TEXT
---
If this reply helps you, Karma would be appreciated.
0 Karma

renjith_nair
Legend

@swetar,

Are you looking for

"Your search " | fields FIELD_TEXT,Field1|sort Field1|fields - Field1
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma

swetar
New Member

Thanks! it worked

0 Karma

renjith_nair
Legend

@swetar, glad to know. Please accept as answer to close the thread

---
What goes around comes around. If it helps, hit it with Karma 🙂
Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...