Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Combine 3 csv reports and send it in one Email

Shashank_87
Explorer
‎12-04-2019 02:53 AM

Hi, I am stuck into a weird problem. I have 3 queries from 3 different source producing a table with a service name and it's error count. Is it possible that I generate 3 reports, attach it in the same email and trigger it as a scheduled report. I know we can use append command but i think that will make the output a bit messy.
Is there any other way?

0 Karma
Reply

woodcock
Esteemed Legend
‎12-04-2019 03:32 AM

There are many ways but the best is like this:

|inputlookup append=t report1.csv
| eval which=coalesce(which, "report1.csv")
|inputlookup append=t report2.csv
| eval which=coalesce(which, "report2.csv")
|inputlookup append=t report3.csv
| eval which=coalesce(which, "report3.csv")
0 Karma
Reply

Shashank_87
Explorer
‎12-04-2019 03:56 AM

@woodcock Hi, Thanks for your quick response. This really works fine. But I have to first output my query results to a CSV and then use the above command to append the results in one csv.

Actually what i was thinking of if we can create 3 separate csv's and attach them together in same mail. Not sure if that is possible?

0 Karma
Reply

woodcock
Esteemed Legend
‎01-01-2020 06:29 PM

You can also use loadjob and savedsearch to pull in the results of previous search runs; this will bypass having to write to a file but you run the risk of the searches' TTL expiring and splunk reaping the search job artifacts if you are not careful.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...