Splunk Search Multiple Indexes

Posted on by

Splunk Search Multiple Indexes - Police 2 Citizen Muskegonindexjoliet Herald News Obits Last 3 Daysfav Favers Index=1idx1 sourcetype=src | dedup a | join type=outer a [search index=idx2 sourcetype=src | dedup a] |. A more performant way to merge results is with the stats. I've 2 indexes abc and def. There is a field account_number in index abc and a field emp_nummber in index def. I want to find the total number of events, for the.

Police 2 Citizen Muskegonindexjoliet Herald News Obits Last 3 Daysfav Favers

Splunk Search Multiple Indexes