Self Join Statement does not work

shayhk · ‎12-17-2013

Host Demo

RequestID | Method | Type

111 Method_X 1

222 Method_T 1

111 Method_Q 2

233 Method_R 1

As a result

i am looking for the flow of RequestID=111

RequestID | Method1 | Method2

111 Method_X Method_Q

Search code- not working:

host=Demo

| table RequestID Method

| where RequestID =111 and Type=1

| rename Method as Method1

| selfjoin RequestID
[
table RequestID Method
| where RequestID =111 and Type=2
| rename Method as Method2
]

|table RequestID Method1 Method2

looking for a solution

Thanks
shay

somesoni2 · ‎12-17-2013

First, the output you're looking for is not possible with self-join. Secondly, the self join syntax you're using is incorrect. The correct syntax is as follows:

Your search | selfjoin <selfjoin optoins> <join field name(s)>

What you're looking for can done by normal join as follows

host=Demo| table RequestID Method| where  RequestID =111 and Type=1| rename Method as Method1| join RequestID [search host=demo| table RequestID Method  | where  RequestID =111 and Type=2
  | rename Method as Method2]|table RequestID Method1 Method2

shayhk · ‎12-17-2013

It's working
Thanks