All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine two index data in Splunk

welcome
Engager
‎08-17-2023 07:32 AM

We are using splunk for Jenkins logs so events are coming to splunk ,how to combine one index data with another index, can you give me proper search query and answer.

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-17-2023 08:08 AM 
index=index1 OR index=index2
0 Karma
Reply

welcome
Engager
‎08-17-2023 08:40 AM

where we can see combined results of two index, can you please give me proper answer.

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-17-2023 08:49 AM

Based on the information you have provided, this is a proper answer. Try putting it into a search and see what results you get. If they are not the results you were expecting, please explain what it is that you want to see, providing examples of your events, details of how you want them combined, etc.

0 Karma
Reply

welcome
Engager
‎08-17-2023 09:03 AM

Actually I want to see combined data of two indexes into one index in splunk ,can you give me proper search query and answer

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-17-2023 09:06 AM

Splunk doesn't work that way, unless you want to collect from both indexes and store the events again in a third index. But what would be the point of doing that?

What will you do with the combine index which can't be done by using OR in the search?

0 Karma
Reply

welcome
Engager
‎08-17-2023 09:11 AM

We have a requirement to do so ,can we have any other way two combine 2 indexes data into 1 index in splunk,can we try from terminal side or using search query

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-17-2023 09:38 AM

Why not ingest the data into one index in the first place?

0 Karma
Reply

welcome
Engager
‎08-17-2023 09:43 AM

How to ingest the data into one index ,can you elaborate little bit

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-17-2023 09:59 AM

How do you currently ingest your data?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...