I have a transaction search that works great. The table that it produces is useful, but I want to append/augment it with additional data that I am inserting into Splunk about these "jobId"s via the API.
jobId=* source="/logs/*" | transaction jobId startswith=QUEUED endswith=COMPLETED | table _time jobId duration
I can search for the additional data via this search. It returns information about the jobId, such as video_width, video_height, etc.
source="augmentData-VideoId" jobId=3703a4e7cc51ac54 | table video_width video_height
I am having trouble getting the additional data into the first search without affecting the transaction duration time, since these additional data events are added via a cron job well after that transaction is completed.