How to store a value in Splunk and use the value in another search

raghav4a1
New Member

In this code I need to store Energ1 with the numerical value and energy1 with the string values, and use these values in the last search. Is it possible to do?

index=coemission |search household_id="1"| stats sum(energy_consumed_kwh_per_day) as Energ|eval Energ1=Energ

|append [ search index=coemission|search household_id ="1"|stats values(energy_provider) as energy|eval energy1=energy]

|append [search sourcetype="energyscore"|search energy_provider=energy|stats sum(nuclear) as nuclear,sum(lignite) as lignite,sum(hardcoal) as hardcoal,sum(natural gas) as naturalgas,sum(renewables) as renewables,sum(others) as others

|eval nuclear1=nuclear*Energ1|eval lignite1=lignite*Energ1|eval hardcoal1=hardcoal*Energ1|eval naturalgas1=naturalgas*Energ1|eval renewables1=renewables*Energ1|eval others=others*Energ1|fields - nuclear,lignite,hardcoal,naturalgas,renewables,others]

0 Karma

woodcock
Esteemed Legend

Like this:

index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="energyscore" AND energy_provider="energy"
|stats sum(nuclear) AS nuclear sum(lignite) AS lignite sum(hardcoal) AS hardcoal sum("natural gas") AS naturalgas sum(renewables) AS renewables sum(others) AS others
|foreach nuclear lignite hardcoal naturalgas renewables others
[ eval <<FIELD>>1 = <<FIELD>> * [search index=coemission AND household_id="1" | stats sum(energy_consumed_kwh_per_day) AS Energ | return $Energ ] | fields - <<FIELD>> ]
0 Karma