Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

COmpare or join 2 fields to 3rd output

jerinvarghese
Communicator
‎03-06-2021 06:55 AM

HI All,

Need help in comparing 2 fields or join 2 values to build a table for another 2 field.

CODE 1: 

 

index=opennms "Cisco-WLC-AP-DOWN/AP*"
| table AP_NAME, Time,downtime,

 

OUTPUT 1: 

AP_NAMETimeTicket_ID
AP64123/6/2021 19:11INC00001
AP64123/6/2021 18:45INC00002
AW3/6/2021 17:08INC00003
AE3/6/2021 16:29INC00004
AP64123/6/2021 15:15INC00005
AR3/6/2021 14:31INC00006

 

CODE 2:  

 

index=moogsoft_e2e
| table AP_NAME, Time,Ticket_ID,

 

OUTPUT 2: 

AP_NAMETimedowntime
AP64123/6/2021 19:114:18:55
AB3/6/2021 18:021:21:25
AC3/6/2021 17:081:23:45
AP64123/6/2021 10:127:45:23
AP64123/6/2021 15:152:21:34
AE3/6/2021 14:318:12:23

 

Expected final output Table :

AP_NAMETimeTicket_IDdowntime
AP64123/6/2021 19:11INC000014:18:55
AP64123/6/2021 15:15INC000052:21:34

 

I want both AP_NAME & Time  to match the Ticket_ID & downtime.  

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-06-2021 09:24 AM

Try this

(index=opennms "Cisco-WLC-AP-DOWN/AP*") OR index=moogsoft_e2e
| stats values(*) as * by AP_NAME, downtime
| table AP_NAME, Time,Ticket_ID, downtime
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...