Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Creating a table from diff source
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI Team,
I would like to create a table in a dashboard from two difference results.
Eg: Blue stack results and Green stack results has to display on a same table like below.
Green /t Blue
Service Call_count Service Call_count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
H,
Do you have any specific requirements?
If not, please check on the join and append options.
https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Join
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Append
https://docs.splunk.com/Documentation/SplunkInvestigate/Current/SearchReference/JoinCommandUsage
Please try and let us know!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index = avb source = "blue | stats count by Service, Call_count
index = avb source = "Green | stats count by Service, Call_count
Is it possible to display both results in same table, as Header Green / Blue and next line header as Service / Call_count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please check whether the below snippet is what you are looking for.
index=avb source="blue"
|eval Blue_Green="Blue"
|stats count as "Service_Call Count" by Service, Call_count ,Blue_Green
|append [ search index=avb source="Green"
|eval Blue_Green="Green"
|stats count as "Service_Call Count" by Service, Call_count,Blue_Green]
|fields - Service,Call_count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
H,
Do you have any specific requirements?
If not, please check on the join and append options.
https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Join
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Append
https://docs.splunk.com/Documentation/SplunkInvestigate/Current/SearchReference/JoinCommandUsage
Please try and let us know!!
Index This | When is October more than just the tenth month?
Observe and Secure All Apps with Splunk
What’s New & Next in Splunk SOAR
