Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show 2 results within the same alert?

xvxt006
Contributor
‎07-13-2015 04:46 AM

Hi,

I have this search which gives me error % and good requests, etc. When I get this alert, I would also like to send an another table in the same alert results where I can show the top 5 URIs by the error status. Would it be possible?

 (status=200 OR status>399)  | eval requestType = if(status==200, "OK", "Error")  | chart count as requests  over host by requestType | rename "requests: OK" as OK ,"requests: Error" as Error   | eval TotalRequests= (OK+Error) | eval GoodRequestsPerc = round((OK/TotalRequests)*100,2) |   eval FailuresPerc = round((Error/TotalRequests)*100,2)  | table host, OK,Error,GoodRequestsPerc,  FailuresPerc | sort  -"FailuresPerc" | where FailuresPerc > 5
Tags (2)
0 Karma
Reply

otman01
Communicator
‎07-13-2015 05:49 AM

you can use this command :
| set union [ search 1] [ search 2]

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...