Hello friends,
Please try to assist me.
My data structure is -
Date, field1, field2, field3
I need to search for events that contain a specific value in field2 and, based on the results, display all the events that share a common value of field1.
Example -
17/2 AAA BBB gfg
17/2 XXX VVV hjh
17/2 AAA MMM klk
Searching BBB will display these lines (that have AAA in common) -
17/2 AAA BBB gfg
17/2 AAA MMM klk
Help will be appreciated,
Thank you.
Try this
| eval field4=if(field2="BBB",field2,null())
| eventstats values(field4) as field4 by field1
| where field4="BBB"
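The search above can be reproduced without any indexed data on the three sample rows from the question; this is an added example, not part of the original answer. The `makeresults` scaffolding, the `raw` field name and the `;` delimiter are constructed here to stand in for real events.

```spl
| makeresults
| eval raw="17/2 AAA BBB gfg;17/2 XXX VVV hjh;17/2 AAA MMM klk"
| makemv delim=";" raw
| mvexpand raw
| rex field=raw "^(?<Date>\S+)\s+(?<field1>\S+)\s+(?<field2>\S+)\s+(?<field3>\S+)$"
| eval field4=if(field2="BBB", field2, null())
| eventstats values(field4) as field4 by field1
| where field4="BBB"
| table Date field1 field2 field3
```

Only the two AAA rows remain, because `eventstats` copies the BBB marker onto every event that shares a field1 value with a matching event, while the XXX row never receives it and is dropped by `where`.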
Thank you very much!