- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Joining two log files that have two common fields
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
It would be very helpful for me if you could find out the solution for the following scenario.
SELECT * FROM mytable1 INNER JOIN mytable2 ON mytable1.mycolumn=mytable2.mycolum and mytable1.mycolumn1=mytable2.mycolum1
Please advice on this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi karthicjayaraman,
Try something like this:
your search to get Log1 OR LOG2 events | eval compare=data + "-" + status | stats count by compare, data, result, status | fields - compare
hope that helps to get you started...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi karthicjayaraman,
Try something like this:
your search to get Log1 OR LOG2 events | eval compare=data + "-" + status | stats count by compare, data, result, status | fields - compare
hope that helps to get you started...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you be more specific about your exact scenario? You list a SQL query, but Splunk itself is not a relational database. There is a DBConnect app that allows Splunk to consume data from RDBMSes using SQL. Are you asking about that? Or are you using your query as the type of thing you're looking to do with logs stored in Splunk? Depending on your end goal and the data you are trying to relate, there are a number of SPL commands that can be used to correlate data across events (including but not limited to the SPL join command. The docs even have a nice flowchart with some examples as to under what conditions you might consider using a few of th...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Acharlieh,
Thanks for your reply . I have two log files with me called log1 and log2. I have to join those 2 logs with common fields (2 unique Fields) .
Log1 Sample
data=demo result=pass status=12345
data=required result=fail status=123
Log2 Sample
data=demo result=abort status=12345
data=info result=denied status=123
I would like to create the search query if the log1 data and status matched to Log2.
Here the problem is I have to match 2 common fields (data and Status ) .Could you please guide me on this.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
