List of a list

watsm10
Communicator

Hi,

We are using two source files to list data in this format:

Name1: uniqueID1
uniqueID2
uniqueID3
Name2: uniqueID1
uniqueID2
.......

And then we can match the uniqueID to its uniqueID in the other source file.

uniqueID1: blahblah1
blahblah2
....etcetc...

What we're stuck on is incorporating these two lists into one list which is 3 levels deep. Are we missing a trick anywhere?

We've tried:
list(list(blahblah) by uniqueID) by Name
list(blahblah) by uniqueID list(uniqueID) by Name

and plenty of other ways, including the 'values' function.

Regards,

0 Karma

lguinn2
Legend

Try this:

search1here
| table person uniqueId
| join uniqueId [ search search2here
   | fields uniqueId otherId | format maxresults = 10000 ]
| mvcombine delim="\n" otherId
| mvcombine delim="\n" uniqueId

You can set maxresults lower if you like.

watsm10
Communicator

It could be to do with that yes. I'll look into that, but it probably won't be until tomorrow.

0 Karma

lguinn2
Legend

Is the problem that the two sources have different names for the common field(s)?

0 Karma

watsm10
Communicator

Been trying for a little while now, don't think that way is going to work... I did get pretty close, I think the issue then was working with multiple sources.

0 Karma

watsm10
Communicator

I'm just trying to get this bit going now. It's closer than it has been before!

0 Karma

watsm10
Communicator

So we can make the list:

BLOGGS|JOE|1989-02-12|PO57 6OD      
                                3c3f4930d5da11e19411a100a77470a
                                3c249540d4da11e1b67df27af03bd42
                                3c1468c0d3da11e19411a100a77470a
                                3c0e38a8d2da11e196760a100ed0000

CHARLTON|BOBBY|1966-01-01|PE4 5OUP 
                                843e0770d5da11e1a62c58d171186
                                8400d760d5da11e18756677d5611d
                                841f0dc0d5da11e1adfdf23bf2cbd
                                8412252ed5da11e189350a10ed700

Which is returned with the command:

stats list(ID) by people

And we can also return that ID followed by any matches in a field we'll call 'other_id'

36d74550d5da11e1b4d7a1ee6d39493
37197e70d5da11e19602b56d1426262        37197e70d5da11e19602b56d1426262
3824fb00d5da11e19c1594d245917b6        3824fb00d5da11e19c1594d245917b6
382768f4d5da11e196760a100ed0000        382768f4d5da11e196760a100ed0000

Which is returned by the command stats list(other_id) by ID

What I'd like is them all to be next to each other as such:

BLOGGS|JOE|1989-02-12|PO57 6OD      
                            3c3f4930d5da11e19411a100a77470a
                                                             3c3f4930d5da11e19411a100a77470a
                                                             3c3f4930d5da11e19411a100a77470a
                                                             3c3f4930d5da11e19411a100a77470a
                            3c249540d4da11e1b67df27af03bd42
                                                             3c249540d4da11e1b67df27af03bd42
                            3c1468c0d3da11e19411a100a77470a
                            3c0e38a8d2da11e196760a100ed0000
CHARLTON|BOBBY|1966-01-01|PE4 5OUP
.......
......

Hope that that is a bit clearer, took forever to format 😄

0 Karma

lguinn2
Legend

Thanks for the examples. It really did help!

0 Karma

lguinn2
Legend

Can you give more concrete examples? Or sanitized versions of a few lines of each input? I am lost in the ids and blah blah blah. Sorry!

0 Karma