Hi all
In the search bar i want to use two source files and to see the events of the two files
below is the query i have used
source="E:\pros_data\taskmanager_log (2).txt" "E:\pros_data\taskmanager_log.txt"
i am getting no results found
please give inputs
source="sourceA" source="sourceB"
is equivalent to
source="sourceA" AND source="sourceB"
Because your events are very unlikely to be in the sourceA and the sourceB at the same time.
You should use OR instead of AND.
source="sourceA" OR source="sourceB"
That is simply incorrect search syntax. You should take the Splunk tutorial to learn the basics, particularly the Start searching section.