Solved: How to combine or join 2 sources (.csv format) wit...

krown · ‎10-02-2015

How is it possible to combine or join 2 sources (.csv format) with excactly the same extracted fields?

source1: column1,column2,column3
source2: column1,column2,column3

In my example, the first column from each source just shows milliseconds and is absolutely equal -> column1 (source1) = column1 (source2) <- these fields I want to overlay. The values from column2 and column3 differs.

I now want to have a table in this format:
column1 column2 column2 column3 column3

Then I could compare the values from column2 with each other and the values from column3 with each other in a line chart while x-axis = column1. Also, it would be nice, if there is a y-axis for the values of column2 and another y-axis for column3, combined in one chart

Thanks in advance!!

Example in Excel

http://up.picr.de/23281724qw.jpg

somesoni2 · ‎10-02-2015

Try something like this

(base search temrs source=source1.csv) OR (base search temrs source=source1.csv) | table source column1 column2 column3 | chart values(*) as * by column1 source

View solution in original post

somesoni2 · ‎10-02-2015

Try something like this

(base search temrs source=source1.csv) OR (base search temrs source=source1.csv) | table source column1 column2 column3 | chart values(*) as * by column1 source

krown · ‎10-07-2015

I did it! With your help!

(index="yourindex" source="/home/...csv") OR (index="yourindex" source="/home/...csv") | chart values(speed) by yourtimestamp source

Thank you very much

How to combine or join 2 sources (.csv format) with exactly the same extracted fields?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor