Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

can we fill the Field Values basing on the Other Field Value ?

rakesh_498115
Motivator
‎12-19-2012 03:06 AM

Hi..

I have sample log events as follows :

event 1 :

12-10-24:0:0:1 RequestOrder OrderNo=107 Product=Samsung...
..
....
....

event 2 :

12-10-24:0:0:1 OrderProcessed OrderNo=107

...
......

....

Now i have created rex for order status and displayed the following fields . In Orderprocessed log i dont have the info of product ,so my data displayed like this

sourcetype="mylog" ("RequestOrder" OR "OrderProcessed") | table OrderStatus,OrderNo,Product

output :

OrderStatus Orderno Product
RequestOrder 107 Samsung
ProcessOrder 107

Since there is no procuct name info in OrderProcessed log . i couldnt able to display in the table . is there is a way in splunk which we can assign the procduct name basing on the Orderno . for the all the same Ordernos Product Names Should be same ..Can we do it splunk ??

Please help ?

Tags (1)
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-19-2012 03:14 AM

You can do something along the lines of this:

... | eventstats values(Product) as Product by OrderNo
0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...