Combining multiple independent searches result int...

chintan_shah · ‎07-21-2016

Hi, i have a requirement of combining multiple independent searches into a single excel/csv file and schedule a single email for sending the results.
can anyone help me out please?

woodcock · ‎07-21-2016

You can use some combination of the following commands (read the dox and make a decision): inputcsv, outputcsv, loadjob, savesearch, sendemail.

chintan_shah · ‎07-21-2016

Thanks for your response. but i missed a point where i want all the results to be in separate tabs.

woodcock · ‎07-21-2016

Impossible with native splunk but there may be something like this on splunkbase (I doubt it).

chintan_shah · ‎07-21-2016

Thanks Woodcock for your help.

pradeepkumarg · ‎07-21-2016

Schedule your multiple independent searches and update the lookup for each search using | outputlookup [append=true]. Then have another search scheduled at a slightly later point of time to read from this lookup and email the results

There is another solution where you can club all your independent searches into one search using append. You might hit into sub search limit issues this way

 search1 append [search 2]

chintan_shah · ‎07-21-2016

Thanks for your response. but i missed a point where i want all the results to be in separate tabs.

Combining multiple independent searches result into excel/csv file and send a single mail

Tech Talk Recap | Mastering Threat Hunting

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Data Persistence in the OpenTelemetry Collector

Are you a member of the Splunk Community?

Combining multiple independent searches result into excel/csv file and send a single mail

Tech Talk Recap | Mastering Threat Hunting

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Data Persistence in the OpenTelemetry Collector