Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to show 2 results within the same alert?

xvxt006
Contributor
‎07-13-2015 04:46 AM

Hi,

I have this search which gives me error % and good requests, etc. When I get this alert, I would also like to send an another table in the same alert results where I can show the top 5 URIs by the error status. Would it be possible?

 (status=200 OR status>399)  | eval requestType = if(status==200, "OK", "Error")  | chart count as requests  over host by requestType | rename "requests: OK" as OK ,"requests: Error" as Error   | eval TotalRequests= (OK+Error) | eval GoodRequestsPerc = round((OK/TotalRequests)*100,2) |   eval FailuresPerc = round((Error/TotalRequests)*100,2)  | table host, OK,Error,GoodRequestsPerc,  FailuresPerc | sort  -"FailuresPerc" | where FailuresPerc > 5
Tags (2)
0 Karma
Reply

otman01
Communicator
‎07-13-2015 05:49 AM

you can use this command :
| set union [ search 1] [ search 2]

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...