cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
p0r049z
Engager
Member since: ‎01-01-2024
‎01-01-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎01-01-2024
Activity Feed
View All

Re: Combine results from multiple queries

by in Splunk Search
‎01-01-2024 06:53 AM
‎01-01-2024 06:53 AM
thanks @richgalloway  for the response! This indeed helps. Can I extend the question also to understand how I can enforce that the individual searches between the OR conditions return result for sure and only then combine the results (similar to inner join) using Id field? ... View more

Combine results from multiple queries

by in Splunk Search
‎01-01-2024 06:26 AM
‎01-01-2024 06:26 AM
I am new to splunk queries and was trying to combine results from multiple queries without using subsearches due to its limitation of restricting subsearches to 50000 results but our dataset has more than 50000 records to be considered. Below is the query I was trying (index="B"  logType="REQUEST") OR( index="B" logType="TRACES" message="searchString1*") OR (index="B" logType="TRACES" message="searchString2*") | stats latest(*) as * by Id All above queries have the id field in the result which match and correspond to some kind of a correlation id between these logs. I would like to have the end result show all the common fields which has same values, but also with message field having the consolidated message content from the individual queries made on the same index B. The message field alone can have different values between the queries and need to be consolidated on the result. Can someone help on how this can be done ? @splunk  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-01-2024 11:54 PM
Karma given to