Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
4,000 results
Sorted by:
03-10-2020
09:49 AM
Anything wrong with this join and subsearch? I know there are events which should match based on the 'cs_host' field. Not sure if the rename is confusing things, or my syntax is off slightly.
i...
01-28-2021
03:43 AM
Hi, I have the below query which does the search on two different sources in the same index and join the results based app correlation id to get results and perform the stats operation. However, t...
Labels
- Labels:
-
join
03-04-2021
04:13 AM
...ay that it can check hostname in search-B and if hostname is present in search-A the it should not join/merge that row.. the result should be something like below... type status hostname id p...
a month ago
...escription" is empty or not. if empty i want to raise an alert. How can i join this two lookups? thanks
Labels
- Labels:
-
development
03-09-2021
07:59 AM
...n one but not the other, in SQL terms, an OUTER JOIN. I have found that Splunk doesn't support a true outer join, so I'm still searching for a solution. Edit: spelling
Labels
- Labels:
-
join
07-23-2019
07:38 AM
...elow is my search:
index = A |fields X |rename X as Y |join Y [|search index= B] |stats values(Z) by Y
Above search doesn't work.
Is it because of subsearch result limitation?
Help w...
Show results in replies (3)
-
...alues so that I can implement left , right, full outer join and other joins using stats command. L...
-
...nner join. index=A OR index=B | fields index X Y Z | eval XY =coalesce(X,Y) | stats values(Z) as Z...
-
Try this! index=A OR index=B | fields X Y Z index | rename X as Y | stats values(Z),dc(index) ...
01-28-2021
10:20 AM
Hi, I have a join that is failing to pull through all users. I can see that the issue is due to case sensitivity so I tried to convert both sides of the join to lower case but this hasn't worked f...
Labels
- Labels:
-
other
-
saved search
Show results in replies (4)
-
@shazbot79 I know you've got your solution, but in terms of the principles behind stats vs join...
-
@shazbot79 There are often potential pitfalls using join in Splunk and it's often a good i...
-
...round how using stats to replace join works. I've tried playing around with your code but can't get i...
-
So....it turns out my code was behaving as expected...one of the email addresses in Service Now was...
08-18-2020
10:36 PM
...umber and in the title_id table the numbers match up to a specific text value. I have a number of these types of fields with matching tables. Is this something where i can upload all of the tables and join...
09-27-2019
02:50 AM
...essionTime = strftime(SessionTime_epoch, "%Y-%m-%d %H:%M:%S")
| join macAddress type=outer
[inputlookup nctdata.csv]
| rename cubicleNo as "work_station" | join work_station type=outer
[inputlookup s...
08-31-2020
09:09 AM
Hello guys, I'm using index=... | join commonfield [search index=...] | sistats count as nb scheduled each minute on low number of results, nothing is written in summary index, unlike other q...
Labels
- Labels:
-
join
