Hi Team,
I have following scenario
source type :A contains Account Number
Source type :B Contains Account ID & Date
Want to write search to join this two source types and at the same time want to find Account Number of source type A in Account ID of source type B
Please help.
thanks in advance.
You can achieve this using subsearches.
Note: dont forget to read the performance of subsearches in splunk documentation.
The below two links will help you
http://answers.splunk.com/answers/78899/problem-searching-for-matching-fields-within-multiple-source...
http://docs.splunk.com/Documentation/Splunk/6.1.2/Search/Aboutsubsearches
index=yourindex sourcetype=A | stats values(accountnumber) as accountid |join accountid [search index=yourindex sourcetype=B|table accountid date ]
did u try this?
You can achieve this using subsearches.
Note: dont forget to read the performance of subsearches in splunk documentation.
The below two links will help you
http://answers.splunk.com/answers/78899/problem-searching-for-matching-fields-within-multiple-source...
http://docs.splunk.com/Documentation/Splunk/6.1.2/Search/Aboutsubsearches
I have a similar search I am trying to work out except with machine hostnames. Single index w/ 5 different sources and am trying to build a report showing if a particular hostname shows up in each of the sources or perhaps highlight which source it's missing from.
My scenario is i have one Index which conatins two source files for ex. Source type="A" and Source Type="B". Both files contains Account ID which will be extracted using rex command. Now i want to search if account ID from Source type "A" is present in Source Type "B" then i want to extract customer ID from Source Type "B".
sandeep, would u mind providing some more details?
like what was the output of this query and how your requirement differ from its output?
As I am not an expert in splunk, it may help me.
Thank u
Hi,
Thanks for help I am already tryed this but it's not fulfilled my requirements and i want to search Acccount Number from Source type A and on the basis of that want some values and Account ID from source B.
Please help as i am new to splunk.
Thanks in advance