I'm new to Splunk; here's my issue. I have a log file which contains the extracted fields below:
task_id
task_duration
content_owner
task_type
I'm looking to find the task_duration for two search strings, "string ABC" OR "string 123", so the two lines that would be returned would have task_id, task_duration, and task_type. I need to use the task_id to find the content_owner, as it's elsewhere in the log... In the end, what I want to see is:
task_id: #### content_owner: XYZ task_type: XYZ task_duration: ####
task_type: ZYX task_duration: ####
Really would need to see your data to figure out the right solution, but you could try something like:
... | transaction task_id
OR
... | stats values(*) as * by task_id
OK, logs sent.
Will you still be sending example data?
So is there one line with taskid, duration, type, then another line with id and owner where the id will equal taskid?
Actually, looking at my data again, it looks like I was slightly off... Maybe you can help me with a bit more detail. So I still want to see the data as above, but I was wrong about content_owner: it's not contained within the same task_id, but rather Splunk will need to look for owner based on an extracted field called id.
Sure, send to j1621c@Yahoo.com
I tried that - doesn't seem to work exactly the way I want - can I send you some examples offline?
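One way to do the correlation discussed in this thread, as an added example that is not from any of the posters. It assumes the owner events carry the extracted fields id and content_owner but no task_id, that id on those events equals task_id on the matching task events, and it uses a hypothetical index=main sourcetype=task_log as the base search:

```spl
index=main sourcetype=task_log ("string ABC" OR "string 123" OR content_owner=*)
| eval join_id=coalesce(task_id, id)
| stats values(task_type) AS task_type values(task_duration) AS task_duration values(content_owner) AS content_owner BY join_id
| where isnotnull(task_duration)
| rename join_id AS task_id
```

The base search has to pull in the owner events as well as the two search strings, otherwise there is nothing for stats to merge; the where clause then drops ids that only ever appeared on owner events.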