Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
7,265 results
Sort by:
10-29-2024
01:44 AM
Good day, Is there a way to join all my rows into one? My simple query index=collect_identities sourcetype=ldap:query user
| dedup email
| table email extensionAttribute10 e...
10-08-2025
05:04 AM
Good day, It's been a while. I am trying to join two indexes together to see if a ticket has been logged based on the first search. Search 1: Is used to gather all the results. H...
Labels
- Labels:
-
join
01-13-2025
06:49 AM
In my logs I am getting 4 events for 1 id. 1)Updating DB record with displayId=ABC0000000; type=TRANSFER 2)Updating DB record with displayId=ABC0000000; type=MESSAGES 3)Updating DB re...
Labels
- Labels:
-
field extraction
-
stats
-
subsearch
Show results in replies (3)
-
index=ABC source=XYZ 'ABC00000000001' | fillnull value="SENDING" type | stats values(type) as types...
-
Assuming type and displayId are already extracted, NO .. I am not able to join All 3 condition t...
-
Assuming your events are as you showed, try using extract | makeresults | fields - _time | eval _r...
05-20-2024
05:38 AM
Hey guys, I'm having trouble joining two datasets with similar values I'm trying to join two datasets, both have a common "name" field, but the one on the left has the correct value and the one on t...
Show results in replies (4)
-
...eft_dataset_name right_dataset_name I would suppose that you used the join concept and not the use of the join c...
-
...ou intend to use join command, consider stats or another method instead. For example, &n...
-
...ne)*" | eval joined_name = upper(coalesce(NAME, name)) NAME(upper) is from the index 1, and name(l...
-
...+_)*" . left_name . "_"), left_name, null()))) | eval joined = coalesce(name, match_name) | f...
12-04-2025
08:20 AM
Hi all, I have a search with a Join. For the event I am Joining the Master search may not always have corresponding events in the join/subsearch. Is it possible to also return the results f...
05-22-2025
02:41 PM
...eel like I've tried everything (join, append + eventstats, subsearching) and unfortunately all have a limit which prevent me from getting the full set mapped. Join limit: 50,000 Append limit: 1...
03-27-2024
12:38 AM
this is the query, so i'm still a baby in this world (so I'm sorry if there is a dummy mistakes that might drive you crazy when you read this query). However, I'm trying to Join the Source Process I...
Labels
- Labels:
-
join
04-09-2024
11:42 AM
I am trying to join two searches together to table the combined results by host.
First search below is showing number of events in the last hour by host, index, and sourcetype:
| tstats count w...
Labels
03-10-2020
09:49 AM
Anything wrong with this join and subsearch? I know there are events which should match based on the 'cs_host' field. Not sure if the rename is confusing things, or my syntax is off slightly.
i...
09-19-2024
10:35 PM
Hi,
Join is not returning the data with subsearch, I tried many options from other answers but nothing working out.
Target is to check how many departments are using latest version of s...
Labels
- Labels:
-
table
