Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Combine 3 csv reports and send it in one Email

Shashank_87
Explorer
‎12-04-2019 02:53 AM

Hi, I am stuck into a weird problem. I have 3 queries from 3 different source producing a table with a service name and it's error count. Is it possible that I generate 3 reports, attach it in the same email and trigger it as a scheduled report. I know we can use append command but i think that will make the output a bit messy.
Is there any other way?

0 Karma
Reply

woodcock
Esteemed Legend
‎12-04-2019 03:32 AM

There are many ways but the best is like this:

|inputlookup append=t report1.csv
| eval which=coalesce(which, "report1.csv")
|inputlookup append=t report2.csv
| eval which=coalesce(which, "report2.csv")
|inputlookup append=t report3.csv
| eval which=coalesce(which, "report3.csv")
0 Karma
Reply

Shashank_87
Explorer
‎12-04-2019 03:56 AM

@woodcock Hi, Thanks for your quick response. This really works fine. But I have to first output my query results to a CSV and then use the above command to append the results in one csv.

Actually what i was thinking of if we can create 3 separate csv's and attach them together in same mail. Not sure if that is possible?

0 Karma
Reply

woodcock
Esteemed Legend
‎01-01-2020 06:29 PM

You can also use loadjob and savedsearch to pull in the results of previous search runs; this will bypass having to write to a file but you run the risk of the searches' TTL expiring and splunk reaping the search job artifacts if you are not careful.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...