Reporting

How to combine 4 separate reports into single email alert?

SathyaNarayanan
Path Finder

Hi,

I have 4 different reports which don't have any common field, but the application team want all the reports in single email.

Tags (1)
0 Karma

elliotproebstel
Champion

It sounds like you are looking to have four separate tables sent in a single email, which is a good use case for building a dashboard that displays the four tables/searches and emails the whole dashboard on a scheduled basis. Here's guidance on how to do that:

http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Report/GeneratePDFsofyourreportsanddashboards

0 Karma

prammod123
Explorer

When we create a report from multiple dashboard panels it would be extracted as a PDF file..., what we need is send multiple reports in csv format in a single mail.

0 Karma

cmerriman
Super Champion

as long as the searches don't hit any limits, you might be able to use |append and tack all the searches into the same table. You'll need to adjust the alerts to be based on all the fields of interest. http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Append

0 Karma

SathyaNarayanan
Path Finder

we can do append but they dont even have any common fields in it.

0 Karma

cmerriman
Super Champion

they don't need a common field.

|makeresults|eval field1="foo"|eval field2="bar"|eval report="report name1"|fields - _time |append [|makeresults|eval field3="value"|eval report="report name2"|fields - _time]

It will just create a new column for the fields that don't match. you could do an eval, though, to bring in what report it's for so the recipients know which lines are for which report.

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...