Please try to assist me.
My data structure is -
Date , field1 , field2 , field3
I need to search events that contain a specific value in field2 , based on the results display all the events that contain a common value of field1.
17/2 AAA BBB gfg17/2 XXX VVV hjh17/2 AAA MMM klkSearching BBB will display this lines (that have AAA in common) -17/2 AAA BBB gfg17/2 AAA MMM klk
Help will be appreciated,
| eval field4=if(field2="BBB",field2,null)
| eventstats values(field4) as field4 by field1
| where field4="BBB"
View solution in original post
Thank you very much !