Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Query question between 2 indexes

christay
New Member
‎07-06-2020 01:11 AM

Hi Guys,

Can i check how can i craft the query given the following condition.

I have 2 indexes IndexA and IndexB with the following filed in each index.

Example as follows :

IndexA

Field contains :

srcIP = 10.10.10.10
cat = malicious IP 100%

IndexB

Field contains  :

TrueClientIP = 10.10.10.10

The objective of my query is to compare "TrueClientIP" under Index B against "srcIP" under IndexA and the condition that if the "cat" field under IndexA is tag under malicious IP it will return me the count .

How can i craft the above query ?

Thanks for the help.

 

0 Karma
Reply

to4kawa
Ultra Champion
‎07-06-2020 01:27 AM

index=IndexA OR index=IndexB | eval ip=coalesce(srcIP,TrueClientIP) | rex field=cat "(?<malicious>malicious)" | stats count(malicious) by ip

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...