What is the most efficient way to reconcile the da...

iamsplunker · ‎04-19-2023

I wanted to reconcile the data from 2 indexes say index=A and index=B both indexes have some common fileds like field1,field2,field3,field4,field5

at the end I wanted to compare the data from index A and index B side by side with time span of 1s.

The report should display _time index1 index2 source field1 field2 field3 field4 field5 and difference between the 2 indexes eventcount or any other.

inventsekar · ‎04-19-2023

Hi,

1) is this an one time report task or you want this report to be run weekly/monthly, etc

if you want to run this report weekly/monthly, then, summary indexing (link), report acceleration(link) will help you very good.

2) how big the two indexes are..

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

iamsplunker · ‎05-02-2023

@inventsekar Do you have any examples/sample search to share for my requirement.

iamsplunker · ‎04-19-2023

hi @inventsekar , Thanks for your response. For now it's a one time report. I'm looking for a sample search to accomplish this.

we have about ~ 3-5K events per day

What is the most efficient way to reconcile the data from 2 indexes and create a report?