https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444434#M126041 <P>Hi</P> <P>I'm trying to combine fields in multiple search result in one output table as overall result, for example:</P> <P>Search 1 result<BR /> Date,open ,close</P> <P>Search 2 result<BR /> incident ,type1,result</P> <P>Output table<BR /> Date,open ,close,incident ,type1,result</P> <P>Hope question is clear</P> <P>Thanks</P> Tue, 12 Jun 2018 12:55:11 GMT roopasree 2018-06-12T12:55:11Z https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444434#M126041 <P>Hi</P> <P>I'm trying to combine fields in multiple search result in one output table as overall result, for example:</P> <P>Search 1 result<BR /> Date,open ,close</P> <P>Search 2 result<BR /> incident ,type1,result</P> <P>Output table<BR /> Date,open ,close,incident ,type1,result</P> <P>Hope question is clear</P> <P>Thanks</P> Tue, 12 Jun 2018 12:55:11 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444434#M126041 roopasree 2018-06-12T12:55:11Z https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444435#M126042 <P>How will you know what rows from result 1 relate to what rows in result 2? Is there not a common field between the two datasets?</P> Tue, 12 Jun 2018 14:48:18 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444435#M126042 pradeepkumarg 2018-06-12T14:48:18Z https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444436#M126043 <P>Sure, just use | appendcols</P> <PRE><CODE>search foo | fields date,open,close | appendcols [ search bar | fields incident,type1,result] </CODE></PRE> <P><A href="http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Appendcols">http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Appendcols</A></P> Tue, 12 Jun 2018 19:33:20 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444436#M126043 jowenssi 2018-06-12T19:33:20Z https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444437#M126044 <P>Hi @roopasree</P> <P>There should be a common field in main &amp; sub search to map the results correctly,</P> <P>if you want to just append the columns use the above answer ----- appendcols, append commands should work for that.</P> <P>if you want to map the results between main and sub search based on a specific field ----- join command should work for you.</P> <P>main search | fields date,open,close,incidentnum | join incidentnum [search subsearch | fields incident,type1,result,incidentnum] | stats c by date,open,close,incidentnum,incident,type1,result </P> <P>Thanks</P> Tue, 12 Jun 2018 19:51:03 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444437#M126044 PowerPacked 2018-06-12T19:51:03Z https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444438#M126045 <P>@gpradeepkumarreddy yes there is no comman field among two datasets</P> Wed, 13 Jun 2018 07:03:43 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-combine-fields-from-multiple-search-in-one-table/m-p/444438#M126045 roopasree 2018-06-13T07:03:43Z