
How to combine data from 2 source types?

All,

I have 2 source types, one being XML and the other being trace log file events. I have a requirement to combine values from both. Sourcetype 1: ITCM (trace log files), and for a given locomotive number, go and find the events from the second source type, retrieve some info (for example, district name) and append it to the column of the first. Basically, I am displaying a table to show all the necessary fields from the first source type and just appending a column with values from the second source type (based on the matching condition: locomotive number).

I was able to combine both source types but haven't been successful in appending the column values from the second source. Basically, I tried eval (if condition match), append cols, etc.

Issues with eval (if condition match): I can see the eval condition matches only for the events coming from the second source type and doesn't equate to the events in the first source type, and the output is as below:

Row #1 displays values from sourcetype1: col1 (value=locomotive number), col2value, col3value, col4 = blank (districtname)
Row #2 displays values from sourcetype2: (col1value=locomotive number), blank (col2value), blank (col3value), districtname (col4value)

Basically, I wanted to get a result that shows one row for each event, as below:

col1 (value=locomotive number), col2value, col3value, districtname

Thoughts/suggestions, please.

Thanks,
Mathan J
