Search A returns many events for each ID.
Search B returns a single event for each ID.
My end result is a table with each event from search A, with the values from a few fields in search B appended as new columns to EACH event in A.
If that's not clear here's more:
Search A looks like this:
_time,ID,interesting_field
1,1,420
1,2,69
1,3,8008
2,1,5318008
2,2,12
2,3,41
...
Search B looks like this:
_time,ID,tag
1,1,hello
1,2,wuddup
1,3,yo
End-result should look like this:
_time,ID,interesting_field,tag
1,1,420,hello
2,1,5318008,hello
1,2,69,wuddup
2,2,12,wuddup
1,3,8008,yo
2,3,41,yo
Extra tags for the people from google: one-to-many
↧