Hello there,
I have 2 indexes [customer_id, datetime] and [customer_id, date_of_creation, motive] with a common field "customer_id". I would like to perform a join of my indexes on this fields knowing that the values in each indexe can be non unique.
As I don't want to use the function Join of Splunk because of its limits, I use Eventstats instead. But the problem is that for the non unique values, I get multivalue fields concerning datetime, date_of_creation and motive.
How could I proceed to get the same result as a join would do (without using Join !) ?
Thanks in advance ! 😄
... View more