Hi all.
I have almost 20 different sourcetypes. Field names in sourcetypes are different and I don't have the same in more than 1 sourcetype. Each sourcetype has a "slice" of a record using an ID, but this ID has different names across the sourcetypes. I mean:
sourcetype: example1
ID Field: ex1_id
ex1_id: 5555
ex1_type: Tool
sourcetype: example2
ID Field: ex2_id
ex2_id: 5555
ext2_name: SN56616
sourcetype: example3
ID Field: ex3_id
ex2_id: 5555
ext3_kind: none
I need to search in all sourcetypes and create a resulting table that looks like:
ID | ext1_type | ext2_name | ext3_kind
5555 | Tool | SN56616 | none
I tried to create a field alias by sourcetype to the appropriate `ID Field name` to use the same name like `ID` to facilitate the search. I don't how proceed, `transaction`? `join`?
Thanks!
↧