Documentation > Splunk > Search Reference > join

Search Reference

 


Welcome
Search Overview
Search Commands
Custom Search Commands

join

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

join

Synopsis

sql-like joining of results from the main results pipeline with the results from the subpipeline.

Syntax

join [join-options]* field-list [ search-pipeline ]

Arguments

join-option
Syntax:
Description:
field-list
Syntax:
Description:
search-pipeline
Syntax:
Description:

Description

Traditional join command that joins results from the main results pipeline with the results from the search pipeline provided as the last argument. Optionally specifies the exact fields to join on. If no fields specified, will use all fields that are common to both result sets.

Examples

Example 1: Joins previous result set with results from 'search foo', on the id field.

... | join id [search foo]


See also

selfjoin, append, set, appendcols

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0/SearchReference/Join"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.