@urana
Thank you but that approach doesn't work (or I wasn't able to make it works); I've ended doing a map command from A & B sources and the a join with the C source. I try to avoid join as much as possible but the devices aren't billions and the performances are more than acceptable.
@woodcock
I was playing with Business flow a few weeks ago in the Splunk Oxygen, may worths another look, ty.
The topology apps are all great and I already use them; the issue with this use case is the tons of variables to be handled
Basically I have (just as example):
- Switch 1 connected to Switch 2 with 4 ports; each link has is own metrics/info
- Switch 2 connected to Switch 3 with 8 ports; again, each link with is own info
I tried with multivalues and succesfully build a single line, multivalue topology across all devices/link. Right now I'm stuck on splitting multivalues fields because of they have uneven elements; the "standard" mvjoin/split/rex works well when you have same number of events in each multivalue but that's not my case 😞
Anyway, ty all for your time
PaoloR
... View more