×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rafaelvianaalve
Explorer
Member since: ‎05-10-2016
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎05-10-2016
Activity Feed
View All

Re: How to edit my join search to include all even...

by in Splunk Search
‎05-11-2016 07:46 AM
‎05-11-2016 07:46 AM
Thanks , I used the "stats " + " append" and it worked. however still need to make some adjustments as the index exists the Hostname field and not B , that is, the data came as soon as there is the same certificate on different servers (Load Balancer 😞 Certificate Hostname Valid to Cert1 AA1 24/12/2016 BB1 Cert2 AA2 01/12/2016 BB2 ... View more

Re: How to edit my join search to include all even...

by in Splunk Search
‎05-11-2016 05:03 AM
‎05-11-2016 05:03 AM
Exactly, the join this returning only the data that have match with indexB , but I need to bring all the data even if not this match , join index (full) . Any idea? ... View more

How to edit my join search to include all events f...

by in Splunk Search
‎05-10-2016 06:56 AM
‎05-10-2016 06:56 AM
I have two indexes with digital certificate information ( indexA and IndexB ). I used the join command to add some fields that the index does not have through the common field Site. I need to make a merge between the two indexes as there are data that only the IndexA contains, and others that only contains IndexB . Currently this syntax: index=IndexA | where HIERARCHY="1" |rename CN AS Site| join Site type=left max=0 [search index="IndexB" | dedup _raw | rename "Certification object" AS Site|fields Site,"Expiry Date","CI Name","Serial Number",Environment,SupplierName] |dedup Hostname Site "Valid to" TIMESTAMPENTRADA2 | table Hostname Site "Expiry Date" I tried the option type=outer , but remained the same result. I also tried to use index=indexA OR index=IndexB , but didn't work. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All