Is it possible to visualize multiple search result...

owie6466 · ‎05-18-2020

Hello, newbie here again.

Trying to use 2 inputs for a form but separate the searches (these 2 inputs will be 2 different alerts) and incorporate search results into one graphical view. is this possible?

Thank you again.

owie6466 · ‎05-19-2020

Hi Guiseppe, thanks for the reply. yes they are the same search with the exception of the second search have updated code. the goal is to merge the data to show the difference in execution time. I have the tokens $alertNameTok$ and $alertNameTok1$. Here's what I have for the code.

index=_internal source="*scheduler.log" app="hdo_monitoring" status="success" $alertNameTok$ $alertNameTok1$ earliest=$timetok.earliest$ latest=$timetok.latest$

| timechart span=10m first(run_time) first(result_count) by savedsearch_name

attached: snapshot - no results

thank you!

gcusello · ‎05-18-2020

Hi @owie6466,
with the few informations you shared I think that's probably possible, but, if you could share the searches and an example of the results yuo want it could be easier.

In addition, there's a thing not so clear:you say tha the two inputs are two alerts, are you meaning that the searches are the same of alerts or what else?

Ciao.
Giuseppe

Is it possible to visualize multiple search results and alerts in the same dashboard?

panel

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!