Combine 3 queries into tabular form for export to ...

shrogers · ‎02-18-2021

Hi All,

Need some assistance combining 3 queries in tabular form so I can export them to a lookup table.
I'm also trying to add a date range
Example - On 2021-02-18 morning we report metrics from 2021-02-16 5:00 PM to 2021-02-17 5:00 PM

Q1:
index=tst1 sourcetype IN (tst2, tst4, tst5) source IN ("/opt/performance.log", "/opt/formance.log", "/opt/test.log") | fields TRAN_TYPE, respTime, TRAN_TIME_MS |stats count as Total, count(eval(TRAN_TIME_MS<=3000)) as Total_Under_3sec1 ,count(eval(respTime<=3000)) as Total_Under_3sec2 | addtotals fieldname="Total_Under_3sec" Total_Under_3sec1 Total_Under_3sec2 | eval Perc = (Total_Under_3sec / Total)*100 |fields Perc

Q2:
index=tst2 sourcetype=tst2 PAGE_ID_WEIGHT=* TRAN_TYPE =* PAGE_ID=345 ACTION=GET | eval USER_ID=lower(USER_ID) | stats dc(USER_ID)

Q3:
index=tst3 sourcetype=test3 method=POST login=/tst3* user!=unauthenticated msgCode=302 | eval action=case(status==302,"Success") | stats dc(user)

Col1 Col2 Col3
99 89 97

Any assistance is appreciated.

saravanan90 · ‎02-19-2021

Great !!

Appreciate if you could accept as solution....:)

saravanan90 · ‎02-18-2021

This may help...

Query 1 | appendcols [ search Query2] | appendcols [search query3]

shrogers · ‎02-19-2021

Thank you for your quick response.

It works as expected.

Combine 3 queries into tabular form for export to .csv

other

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?