Open vijayadhandapani opened 4 years ago
I have installed the set operations add-on on my Splunk Search Head. Still, the correlation search did not work; when I try to run it, it did not produce any result. Instead I tried to use the distinctstream command, which in turn produced a result, but I am trying to understand what these two commands, distinctfields and distinctstream, are used for. Please assist.
Hi @vijayadhandapani,
Thanks for the question. Have you restarted Splunk on the search head after installing the setops app?
Could you please try the sample searches in the documentation: https://github.com/doksu/setops/wiki#distinctfields-command
Please see the documentation above for the difference between the two commands.
Thanks
I tried to create a correlation search in Splunk SH, but when I tried to save it, it says the "distinctfields" search command does not exist.
Do you suggest any other correlation search, as the suggested search command did not work?
Please find the attached screenshot from Splunk SH.