Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine 4 separate reports into single email alert?

SathyaNarayanan
Path Finder
‎01-30-2018 03:57 AM

Hi,

I have 4 different reports which don't have any common field, but the application team want all the reports in single email.

Tags (1)
0 Karma
Reply

elliotproebstel
Champion
‎01-30-2018 07:28 AM

It sounds like you are looking to have four separate tables sent in a single email, which is a good use case for building a dashboard that displays the four tables/searches and emails the whole dashboard on a scheduled basis. Here's guidance on how to do that:

http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Report/GeneratePDFsofyourreportsanddashboards

0 Karma
Reply

prammod123
Explorer
‎04-30-2019 03:55 AM

When we create a report from multiple dashboard panels it would be extracted as a PDF file..., what we need is send multiple reports in csv format in a single mail.

0 Karma
Reply

cmerriman
Super Champion
‎01-30-2018 04:39 AM

as long as the searches don't hit any limits, you might be able to use |append and tack all the searches into the same table. You'll need to adjust the alerts to be based on all the fields of interest. http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Append

0 Karma
Reply

SathyaNarayanan
Path Finder
‎01-31-2018 03:54 AM

we can do append but they dont even have any common fields in it.

0 Karma
Reply

cmerriman
Super Champion
‎04-30-2019 07:53 AM

they don't need a common field.

|makeresults|eval field1="foo"|eval field2="bar"|eval report="report name1"|fields - _time |append [|makeresults|eval field3="value"|eval report="report name2"|fields - _time]

It will just create a new column for the fields that don't match. you could do an eval, though, to bring in what report it's for so the recipients know which lines are for which report.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...