Solved: Re: user name missing or exist in search

pr_blr · ‎05-17-2013

I am reading user from lookup file and then searching a search and find the user list from lookup file and giving table as user and status missing or exist in search.
please suggest me what should be the efficient way of doing this.

kml_uvce · ‎05-17-2013

there are 2 ways of doing this.
1) Use left join : <first search of lookuptable> left join <second search>
2) use transaction and append on user: <first search of lookuptable> |append <second search> |transaction user|use if condition to see any field of second search exist then make value as exist otherwise missing.

second way of doing is faster than first...

kamal singh bisht

View solution in original post

kml_uvce · ‎05-17-2013

there are 2 ways of doing this.
1) Use left join : <first search of lookuptable> left join <second search>
2) use transaction and append on user: <first search of lookuptable> |append <second search> |transaction user|use if condition to see any field of second search exist then make value as exist otherwise missing.

second way of doing is faster than first...

kamal singh bisht

pr_blr · ‎05-17-2013

thanks second option works for me

user name missing or exist in search

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

user name missing or exist in search

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!