Hi all, I'm a new Splunk user and I would like to have some help from you. I have two query: First query: index=osb source=/applog/MtRot/ROT/proxy.log 3548 PS_WS_OM_NOTIFY | xmlkv maxinputs=10000 | table OrderID transactionID StatusCode StatusDescription Result: OrderID transactionID StatusCode StatusDescription 3548 98f02a 5 Completed Second query (executed after the first query result): index=osb source=/applog/MtRot/ROT/proxy.log PS_WS_OM_NOTIFY 98f02a(from the first query) | xmlkv maxinputs=10000 | table transactionID ResultCode ResultDescription The two query have the "transactionID" as a common value, so I'd like to create a unique query in order to show one raw with all these field table OrderID transactionID StatusCode StatusDescription ResultCode ResultDescription Any suggestion? Thank you very much
... View more