Multiple base searches in one search

Explorer

I have three base searches in my dashboard

 <query>....</query>


 <query>...</query>


 <query>...</query>

I need to show the results of each of these queries in a single table, so I thought I could use multiple base searches, something like this:

 <query>...</query>

Is there a way the above can be achieved?
Thanks!!

Are you looking to append together the results of each search? I'm trying to understand the use case so that I can offer advice. There are probably many ways of achieving your end goal, so maybe you could give more details?

0 Karma

Explorer

I have separate searches which all use a base search and calculate event duration.
Example: Base_search -> quite complex
search1 uses base_search results and output action1 duration
search2 uses base_search results and output action2 duration
search3 uses base_search results and output action3 duration

Now I want to display on a bar chart the durations with action on x axis and time on y axis.

PS: there is no easy way to combine all the results in one search, that's why I created separate searches.

0 Karma

Legend

No, in each panel you can use only one base search, to be declared in the search tag.
If you want to speed up your search, you have to use the Splunk acceleration methods.
Bye.
Giuseppe

0 Karma

Motivator

I downvoted this post because it is no longer correct.

0 Karma