How can I join two table in Splunk using query like this?
select dialog.id, dialog.callId, dialogParty_dialog_id, attributeKey_id, attributeValue
from dialog, descriptionsattribute
where callid = 'AL_a8wKVUUuX2qY7DgmBIg..' and dialog.id = dialogParty_dialog_id;"
thank you and regards,
What do you mean by "table"? Splunk doesn't have tables. It does have join and similar operators though, but it's often not a 100% good idea to try to implement the exact same concepts to Splunk searches as with SQL searches. That said, this "Splunk for SQL users" guide should prove useful.
How to Join fields from 2 indexes 1 Answer