How do I join two fields together so there is not whitespace in my table. I want to join sfailed and EventCodeDescription so that it will list "Shutdown or reboot"
index="Desktop" (EventCode=513 OR EventCode=3003) OR reboot EventCodeDescription= "sfailed" OR "Shutdown"| rex"Shutdown\s\S+(?\s\S+)" | table _time sfailed host user EventCodeDescription | rename _time AS Time | convert timeformat="%H/%M/%S %d.%m.%Y" ctime(Time) | rename user AS Username | rename host AS "Machine Name" EventCodeDescription AS "Description"
