Source A: filename, title, version, type, date
Source B: filename, date
I want to compute the title field for source B and output that into my data where the filename has the same value for source A and B.
Goal: source=b | table _time,filename,title
My current approach is to use the stats latest(field) as field by filename to match the missing fields. However, after some analysis, I realise that I need all of the events and not only the latest. Some cases in each source may appear more than once and I need to monitor that.
Is there a better command?
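An added example, not part of the original post: `stats latest(title) ... by filename` collapses the results to one row per filename, whereas `eventstats` computes the same aggregate but writes it onto every event, so repeated filenames in source B stay visible. The literals `A` and `B` are assumed stand-ins for the real source values, and the query assumes `title` is populated only on source A events.

```spl
(source=A OR source=B)
| eventstats latest(title) as title by filename
| search source=B
| table _time, filename, title
```

Source B events whose filename never appears in source A keep an empty `title`, which makes unmatched files easy to spot.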