Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Combining multiple independent searches result int...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Combining multiple independent searches result into excel/csv file and send a single mail
chintan_shah
Path Finder
07-21-2016
08:05 AM
Hi, i have a requirement of combining multiple independent searches into a single excel/csv file and schedule a single email for sending the results.
can anyone help me out please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
07-21-2016
08:48 AM
You can use some combination of the following commands (read the dox and make a decision): inputcsv, outputcsv, loadjob, savesearch, sendemail.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chintan_shah
Path Finder
07-21-2016
09:29 AM
Thanks for your response. but i missed a point where i want all the results to be in separate tabs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
07-21-2016
09:35 AM
Impossible with native splunk but there may be something like this on splunkbase (I doubt it).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chintan_shah
Path Finder
07-21-2016
09:44 AM
Thanks Woodcock for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pradeepkumarg
Influencer
07-21-2016
08:19 AM
Schedule your multiple independent searches and update the lookup for each search using | outputlookup [append=true]. Then have another search scheduled at a slightly later point of time to read from this lookup and email the results
There is another solution where you can club all your independent searches into one search using append. You might hit into sub search limit issues this way
search1 append [search 2]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chintan_shah
Path Finder
07-21-2016
09:29 AM
Thanks for your response. but i missed a point where i want all the results to be in separate tabs.
Get Updates on the Splunk Community!
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Index This | What goes away as soon as you talk about it?
May 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025
This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...
