Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
7,000 results
Sort by:
10-29-2024
01:44 AM
Good day, Is there a way to join all my rows into one? My simple query index=collect_identities sourcetype=ldap:query user
| dedup email
| table email extensionAttribute10 e...
Labels
- Labels:
-
other
05-20-2024
05:38 AM
Hey guys, I'm having trouble joining two datasets with similar values I'm trying to join two datasets, both have a common "name" field, but the one on the left has the correct value and the one on t...
Show results in replies (4)
-
...eft_dataset_name right_dataset_name I would suppose that you used the join concept and not the use of the join c...
-
...ou intend to use join command, consider stats or another method instead. For example, &n...
-
...ne)*" | eval joined_name = upper(coalesce(NAME, name)) NAME(upper) is from the index 1, and name(l...
-
...+_)*" . left_name . "_"), left_name, null()))) | eval joined = coalesce(name, match_name) | f...
04-09-2024
11:42 AM
I am trying to join two searches together to table the combined results by host.
First search below is showing number of events in the last hour by host, index, and sourcetype:
| tstats count w...
Labels
09-19-2024
10:35 PM
Hi,
Join is not returning the data with subsearch, I tried many options from other answers but nothing working out.
Target is to check how many departments are using latest version of s...
Labels
- Labels:
-
table
11-06-2024
10:54 AM
...eneric representation of my current query but I get nothing back.
index=event ... | join left=event right=vpn where event.src_ip=vpn.client_ip max=1 usetime=true earlier=true [search index=v...
Labels
- Labels:
-
join
03-27-2024
12:38 AM
this is the query, so i'm still a baby in this world (so I'm sorry if there is a dummy mistakes that might drive you crazy when you read this query). However, I'm trying to Join the Source Process I...
Labels
- Labels:
-
join
06-28-2024
05:31 PM
I have an inputlookup called adexport.csv thats big... trying to join and match two fields in the lookup UserName and with the splunk field UserId. trying but this don't seem to work. T...
08-22-2023
08:58 PM
Hello, How to join data from index and dbxquery without using JOIN, APPEND or stats command? Issue with JOIN: limit of subsearch 50,000 rows or fewer. Missing data. Issue with A...
03-10-2020
09:49 AM
Anything wrong with this join and subsearch? I know there are events which should match based on the 'cs_host' field. Not sure if the rename is confusing things, or my syntax is off slightly.
i...
07-13-2022
07:48 AM
Hi Splunkers,
I struggled badly trying to get this solved, but no luck?
I need to join to a different search using the ip_address to get the host name :
Base search for the join: index= X&n...
Labels
- Labels:
-
host
Show results in replies (8)
-
| fields host_name count E_error L_error
-
It is not clear which events you are trying to "join" with which - where do these events come f...
-
...609)" | stats earliest(_time) as E_error latest(_time) as L_error count by ip | join type=left i...
-
What is this line supposed to be doing | stats values(hostname) by ip_addresses because after tha...
-
I edited that already if you refresh you won't see it, that was a mistake.
-
Thanks ITWhisperer, Just as an update, the field that I need to join on need to have the same e...
-
The host name will not be available in the web logs, that's why I join to a different s...
-
...rom the left is joined to which field on the right join - Splunk Documentation
