Hello guys,
So I have struggled writing search pipeline for this senario:
I have comparing unique id(numerical value) in 3 different fields (id_1,id_2,id_3). The data looks something like:
id_1 | id_2 | id_3
1 3 4
2 4 5
3 5 6
4 6 5
4 5 3
I want to find out where all three columns have a matching value.
For example, here 4 would be a unique value that appears in all three fields.
I have run different seaches:
...|table id_1.id_2,id_3|where id_1==id_2==id_3
...|eval matchname=id_2|where id_1==matchname <-tried with 2 fields first, no result
...|table id_1, id_2|eval matchname=if(id_1==id_2,"y","n")
...|stats values(id_1) by id_2,id_3
I am new to Splunk so please excuse my lack of knowledge on the different commands. But i feel like I might be missed a big concept in Splunk Search Language.
Advance thanks for any help on this.
-New Splunk Enthusiast
... View more