I have a similar question, but I don't quite follow the streamstats logic. My query returns results with multiple fields (sorry if my terminology is off -- I'm new to Splunk), something like the following:
1. src = 1.2.3.4, dest = 2.3.4.5, name = bob
2. src = 2.4.6.8, dest = 3.5.7.9, name = alice
3. src = 2.3.4.5, dest = 1.2.3.4, name = jack
...
I want to do a nested loop search, comparing all pairs, and return entries where src = dest and dest = src for two pairs (e.g. records 1 and 3 in this example). I know how to do this if I were to download a csv file and write a Python script to do the nested loop, but it would be great to be able to do this within Splunk. But maybe that's beyond what Splunk can do...
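
One way to do this pairwise match inside Splunk without a nested loop, added here as an example and not part of the original post: build an order-independent key from src and dest, then keep the keys that were seen in both directions. The `makeresults` rows are the three sample records from the post, and the field names `n`, `pair` and `directions` are made up for the example.

```spl
| makeresults count=3
| streamstats count AS n
| eval src=case(n=1,"1.2.3.4", n=2,"2.4.6.8", n=3,"2.3.4.5"),
       dest=case(n=1,"2.3.4.5", n=2,"3.5.7.9", n=3,"1.2.3.4"),
       name=case(n=1,"bob", n=2,"alice", n=3,"jack")
| fields - _time
| eval pair=mvjoin(mvsort(mvappend(src, dest)), "|")
| eventstats dc(src) AS directions BY pair
| where directions > 1
| table n src dest name pair
```

On the sample rows this keeps records 1 and 3, which share the key `1.2.3.4|2.3.4.5` with two distinct src values, and drops record 2. In a real search, replace everything above `| eval pair=` with the base search; a record whose src equals its dest has only one distinct src for its key and is not returned.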