for example suppose i have a search query which gives me results avg1 and name1,
and second search which gives a result avg2 and name2
now I want to create a table which contains these values of search1 & search2 as avgs and names
thanks..
[Edit]
Query1--
... eval add = x+y+z |eval name="xyz"|stats avg(add) as avg1
Query2--
... eval add=d+e+f | eval name="abc"|stats avg(add) as avg2
now-- result should be
name avg
-----------
xyz avg1
abc avg2
As previously mentioend you can use "append" or "appendcols", or you can use "join". If you use "join", you will need a common field to join on, but this can easily be accomplished by adding ... | eval joinOn="blahblahblah"
to both searches, then use the new field "joinOn" (which has the same value in both searchs) as the field to join on.
I imagine you probably want to use append or appendcols though...
Are they saved searches ?
yes, join works only on common fields in both searches
i think join works on some common fields but i don't have any common field..plz correct me if i m wrong ..
You may use the search command appendcols.
More information:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Appendcols
your_search_query_1|
appendcols [search your_search_query_2]|
Lp
I have updated my question..and also i tried using appendcols but not sure whether i am using it correctly or not