We have two different search queries with no unique fields and we would like to get the below info:
1. We would like to search for the value that we get from the first query in the second query.
3. If the value from the first query is present in the second query, then we would like to print both events.
For example, we tried the below, but we were unable to get both the events.
index=abcde_yudhbc "Sending message to queue" | dedup field1 | stats count by field1| map search="search index=ajhdahbd_hdhc $field1$ Successfully pushed to system "
Whatever list of values we get for field1, we would like to pass each field1 value to the second query using the map command. And, if the field1 value is present, then we would like to display both the field1 value and the event which is matched in the second search.
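
One way to return both the field1 value and the matching second-search event, as an added example that is not part of the original post. It assumes the field1 values appear as literal text in the second index's events; `queued_time`, the `maxsearches` value and the `table` column choice are illustrative assumptions.

```spl
index=abcde_yudhbc "Sending message to queue"
| stats latest(_time) as queued_time by field1
| map maxsearches=100 search="search index=ajhdahbd_hdhc \"$field1$\" \"Successfully pushed to system\"
    | eval field1=\"$field1$\", queued_time=$queued_time$
    | table field1 queued_time _time _raw"
```

`map` runs the inner search once per input row and returns only the inner results, so the outer value has to be written back with `eval` inside the mapped search; `maxsearches` defaults to 10 and silently limits how many field1 values are checked.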