Reporting

Create a report with two different time ranges

vkmurthy
New Member

I have a report created which analyzes my data over the past 30 days.

Then I have a dashboard, with three different searches/panels that analyzes specific data over the last 24 hours.

I would like to put the data from this dashboard into the same report. This would be highly convenient to see everything on one page by Id which is a field. If the data is not available for the past 24 hours, but exists over 30 days, that cell should be empty .

More specifically, in the 30 day report I search for all units that have been online in the past 30 days, and then put them in a table.

Id="*" Status="*" earliest=-30d latest=now
| dedup Id
| table _time Id customer Status Number_of_Days_Since_Comms

in the dashboard, my three searches create sparklines or tables.

Id="*" metrics1="0.0"
|chart sparkline(avg(metrics1)) as "Metrics1 over 24 Hours" by Id

Id="*" metrics2="0.0"
|chart sparkline(avg(metrics2)) as "Metrics2 over 24 Hours" by Id

Id="*" (metrics3<="X" OR metrics4<"Y")
|table _time Id metrics3 metrics4 

How can I combine these into a single report?

0 Karma

woodcock
Esteemed Legend

I have no idea what you really need here. Please edit/comment and add much more detail.

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...