Appending Fields

Follow

Nishanthi Neela Lekshmi

• June 15, 2020 13:14

Is it possible to merge fields(parsed from log search) from different queries into one??

0

• 

  Nathan Beltran

  • July 01, 2020 21:39

  Nishanthi,

  You can use concat to combine multiple fields into one field

  https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/concat

  0

  Comment actions Permalink
• 

  Graham Watts

  • July 01, 2020 22:56

  Another option is Subquery, where you can use values form one query to filter the results in another.
  
  Also, if you just need to return results for both queries into one by searching with OR:
  
  Query 1:
      _sourceCategory=category_1
      | parse ... (parse statement for query 1)
  
  Query 2:
      _sourceCategory=category_2
      | parse ... (parse statement for query 2)
  
  
  Combined:
      (_sourceCategory=category_1 OR _sourceCategory=category_2)
      | parse ... (parse statement for query 1) nodrop
      | parse ... (parse statement for query 2) nodrop
  
  

  0

  Comment actions Permalink

Please sign in to leave a comment.