Reporting

Merging two existing splunk reports and combining them to a new one.

nirmeshsolanki
Explorer

Hi Team, Needs assistance with merging two reports and their query and producing a new query/report having all the content of both the reports.

 

IPAMv4 Device Networks
source=ib:discovery:switch_port_capacity index=ib_discovery | fillnull value="N/A" | dedup network_view device_ip_address interface_ip_address | join type=inner InterfaceSubnet, network_view [search sourcetype=ib:ipam:network index=ib_ipam | dedup NETWORK, view | rename NETWORK as InterfaceSubnet view as network_view | fields InterfaceSubnet, network_view, allocation] | APPEND [search sourcetype=ib:ipam:network index=ib_ipam | dedup NETWORK, view | rename NETWORK as InterfaceSubnet view as network_view | join type=left InterfaceSubnet, network_view [search source=ib:discovery:switch_port_capacity index=ib_discovery | fields InterfaceSubnet, device_ip_address, network_view] | where isnull(device_ip_address)] | rename InterfaceSubnet as "IPAM Network" allocation as "Utilization %" device_ip_address as "Device IP" interface_ip_address as "Interface IP" device_model as "Device Model" device_vendor as "Device Vendor" device_version as "Device OS Version" device_name as "Device Name" network_view as "Network View" | table "IPAM Network", "Utilization %", "Network View", "Device IP", "Device Name", "Interface IP", "Device Model", "Device Vendor", "Device OS Version"
 
 
IP Address Inventory
source=ib:ipam:ip_address_inventory index=ib_ipam | sort 0 -_time, +ip(ip_address) | fillnull value="" | dedup network_view ip_address | eval last_discovered_timestamp=strftime(last_discovered_timestamp,"%Y-%m-%d %H:%M:%S") | eval first_discovered_timestamp=strftime(first_discovered_timestamp,"%Y-%m-%d %H:%M:%S") | rename network_view as "Network View" ip_address as "IP Address" discovered_name as "Discovered Name" port_vlan_name as "Vlan Name" port_vlan_number as "Vlan ID" vrf_name as "VRF Name" vrf_description as "VRF Description" vrf_rd as "VRF RD" bgp_as as "BGP AS" first_discovered_timestamp as "First Seen" last_discovered_timestamp as "Last Seen" managed as "Managed" management_platform as "Management Platform" | table "IP Address" "Discovered Name" "First Seen" "Last Seen" "Network View" "Managed" "Management Platform" "Vlan Name" "Vlan ID" "VRF Name" "VRF Description" "VRF RD" "BGP AS"
 
 
Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

What have you tried so far?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

nirmeshsolanki
Explorer

source=ib:discovery:switch_port_capacity index=ib_discovery | fillnull value="N/A" | dedup network_view device_ip_address interface_ip_address | join type=inner InterfaceSubnet, network_view [search sourcetype=ib:ipam:network index=ib_ipam | dedup NETWORK, view | rename NETWORK as InterfaceSubnet view as network_view | fields InterfaceSubnet, network_view, allocation] | APPEND [search sourcetype=ib:ipam:network index=ib_ipam | dedup NETWORK, view | rename NETWORK as InterfaceSubnet view as network_view | join type=left InterfaceSubnet, network_view [search source=ib:discovery:switch_port_capacity index=ib_discovery | fields InterfaceSubnet, device_ip_address, network_view] | where isnull(device_ip_address)] | rename InterfaceSubnet as "IPAM Network" allocation as "Utilization %" device_ip_address as "Device IP" interface_ip_address as "Interface IP" device_model as "Device Model" device_vendor as "Device Vendor" device_version as "Device OS Version" device_name as "Device Name" network_view as "Network View" | table "IPAM Network", "Utilization %", "Network View", "Device IP", "Device Name", "Interface IP", "Device Model", "Device Vendor", "Device OS Version"

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!