This does not work.
Let me clarify what I am trying to accomplish:
I have two CSV documents and their column headers are as follows:
sourcetype=threat
File Name,File Status,Symantec Score,Signature Status,AV Industry,Global Quarantined,Safelisted,Signed,Cert,Timestamp,Cert Issuer,Cert Publisher,Cert Subject,Product Name,Description,File Version,Company Name,Copyright,SHA256,MD5,Classification,DeviceName,Serial Number,File Size (bytes),File Path,Drive Type,File Owner,Create Time,Modification Time,Access Time,Running,Auto Run,Ever Run,First Found,Last Found,Detected By
sourcetype=device
Device Name,Serial Number,OS Version,Agent Version,Policy,Zones,Mac Addresses,IP Addresses,Last Reported User,Background Detection,Created,Files Analyzed,Is Online,Online Date,Offline Date
Basically, what I want to do is merge the two searches together to create a table where anything found in sourcetype=threat will show the Zones information (found only in sourcetype=device) for the respective sourcetype=threat.
Let me know if you follow what I am trying to achieve. I can clarify further if necessary.
Thank you so much for your help thus far!