Hey all, I have 2 source types with the following properties source_1 id value source_2 name description So my events might look similar to: source_1: id=abc-123, value="blah" source_2: name=abc-123, description="some_description" The values of source_1.id and source_2.name are equal. Im trying to display the id/name, description and value in a table. I've came up with the following query to do so: index=main sourcetype=source_2
| rename name AS id
| join id [search index=main sourcetype=source_1 id=*]
| table id, value, description Is my query the best way to achieve this? Are there any alternatives?
... View more