Afternoon!
Hope this isn't too basic of a question here, but I've been striking out on finding a similar search to use as an example.
I'm basically trying to parse 2 separate results out of the same log entry and display them in a single table.
Search 1:
host=ServerNumber1 sourcetype=log adventure NOT "Buck" | rename uniqueid as item1 | dedup item1 | table item1
Search 2:
host=ServerNumber1 sourcetype=log "Buck" | rename uniqueid as item2 | dedup item2 | table item2
I'm trying to figure out how to get item1 and item2 into the same table in separate columns.
Any help would be appreciated!