- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Can I join fields output from two extensive search...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can I join fields output from two extensive search queries to create a list of fields on which I can run my final query to get desired result
I am new to splunk and right now trying to create a dashboard for IT.
I have different csv file for AV, PAtch, Software Installed.
I am able to individually upload all the csv files into same index and perform search operation to calculate the AVNotInstalled_status, PatchNotInstalled_status, SoftwareInstalledExpired_status.
But when I want to combine the AV Patch and SW status fields by joining the search queries as I have written, I am not able to get the desired combination.
ANy help Appreciated.
P.S. I am new to the Splunk Help, Please let me know if I need to provide any more information, I cant share data or search queries due to confidentiality agreements
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OKay, here is what you need to give us, at a minimum, for us to be able to help.
1) The format of each of the files, with non-confidential sample data. Mark them each with the code button (101 010) so they stay formatted the way you want them. You could also indent them by four or more spaces and that will work too.
2) What your current code is (mark it as code, same way.)
3) What your current output is (same).
If you understand your data, then you can get us non-confidential versions of it. You really need to break the problem down into a "toy" problem, with a minimum number of fields. The fields can be called "foo" and "bar", or "field1" and "field2", or "animal" and "flower", it doesn't matter.
Before you try to do that, go read my response on this one, which tells you somewhat how to think about writing splunk queries:
https://answers.splunk.com/answers/561130/how-to-join-two-tables-where-the-key-is-named-diff.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @DalJeanis
I had raised another query before this one was answered. I have also added comments as you have suggested.
please refer to that query and provide me guidance.
https://answers.splunk.com/answers/676859/best-practice-for-uploading-csv-files-or-else-issu.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @MuS can you have a look at my query and suggest me
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi vikfnu,
without further and much more detailed information, it is impossible to help you. If you cannot share the search nor the data, then there is not much we can do ¯\_(ツ)_/¯
cheers, MuS
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
