Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Creating a table from diff source
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI Team,
I would like to create a table in a dashboard from two difference results.
Eg: Blue stack results and Green stack results has to display on a same table like below.
Green /t Blue
Service Call_count Service Call_count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
H,
Do you have any specific requirements?
If not, please check on the join and append options.
https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Join
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Append
https://docs.splunk.com/Documentation/SplunkInvestigate/Current/SearchReference/JoinCommandUsage
Please try and let us know!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index = avb source = "blue | stats count by Service, Call_count
index = avb source = "Green | stats count by Service, Call_count
Is it possible to display both results in same table, as Header Green / Blue and next line header as Service / Call_count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please check whether the below snippet is what you are looking for.
index=avb source="blue"
|eval Blue_Green="Blue"
|stats count as "Service_Call Count" by Service, Call_count ,Blue_Green
|append [ search index=avb source="Green"
|eval Blue_Green="Green"
|stats count as "Service_Call Count" by Service, Call_count,Blue_Green]
|fields - Service,Call_count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
H,
Do you have any specific requirements?
If not, please check on the join and append options.
https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Join
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Append
https://docs.splunk.com/Documentation/SplunkInvestigate/Current/SearchReference/JoinCommandUsage
Please try and let us know!!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
