I have several log messages that are joined by a single field, id - each of the messages will include that field. What I would like to do is search all log messages for a particular term, and for any that match, return all of the log messages with those ids. For example, if I had the following messages:
id: 1, message: 'hello'
id: 1, message: 'world'
If my term is 'hello', I would want to return both messages with id 1 since one of the messages with id 1 contains the term 'hello'.
I'm still pretty new to Splunk querying, so any help here would be appreciated. Thanks!