The search below looks up a serial number in another index, there will be multiple values to "x", but currently it only returns 1.
How do I get it to return all of the values?
Also, 2nd question, as it's only returning 1 value, how does it choose which value to return?
index = email
serialnumber=123456789
| join serialnumber type=left [ search index=db | dedup Y | rename serial AS serialnumber ]
| table serialnumber X
↧