https://community.splunk.com/t5/Splunk-Search/Multiple-search-results-in-one-alert/m-p/82762#M21015 <P>I have below multiple searches (approx 20) and want to set a single alert for all the results. Can this be done? What is the process? </P> <P>1) source="server.log" Ship Request | stats count<BR /> 2) source="server.log" Drop Request NOT ("XXXX") | stats count</P> <P>all searches are from same source. trying to create a alert like below.</P> <P>Ship Request - 234<BR /> Drop Request - 554</P> Wed, 09 Jan 2013 20:28:39 GMT nrao1 2013-01-09T20:28:39Z https://community.splunk.com/t5/Splunk-Search/Multiple-search-results-in-one-alert/m-p/82762#M21015 <P>I have below multiple searches (approx 20) and want to set a single alert for all the results. Can this be done? What is the process? </P> <P>1) source="server.log" Ship Request | stats count<BR /> 2) source="server.log" Drop Request NOT ("XXXX") | stats count</P> <P>all searches are from same source. trying to create a alert like below.</P> <P>Ship Request - 234<BR /> Drop Request - 554</P> Wed, 09 Jan 2013 20:28:39 GMT https://community.splunk.com/t5/Splunk-Search/Multiple-search-results-in-one-alert/m-p/82762#M21015 nrao1 2013-01-09T20:28:39Z https://community.splunk.com/t5/Splunk-Search/Multiple-search-results-in-one-alert/m-p/82763#M21016 <P>You could append the searches one after the other to get a single result with I presume one line per search, then set an alert for that humongous search.</P> <P>Alternatively, since you're running on the same source you could extend the stats to include more than one column. Which one of these ways is nicer depends on the searches.</P> Thu, 10 Jan 2013 07:58:19 GMT https://community.splunk.com/t5/Splunk-Search/Multiple-search-results-in-one-alert/m-p/82763#M21016 martin_mueller 2013-01-10T07:58:19Z