Combining multiple searches on multiple source files into a single search

Path Finder

Hello Experts,

I have a dashboard with a dropdown with the following selection


Based on the selection I choose a source and run various searches and display the dashboard.
For example, if the user input is 2022-Apr, I use the token to select C:\\test\\data_2022-Apr.csv and run searches, and it works fine.

However, I also have a requirement where I need to plot a value from all three sources in a single panel.
For example, say I have a data point called "total utilization", arrived at through various calculations, from each source in the above list.
I need to plot this value for the last 3 months (current + last two months' data) in a single panel.
So if the user selects 2022-May, I need to run searches on each of the above files, get the total utilization and display it in a single column chart.
I have used the eval command to work out the past months' file names and worked out the search command to get the value as well. However, since I am using different sources, I am only able to get them in different search commands, i.e. in a different dashboard panel.
So the question is, is it possible to combine multiple search commands on different sources into one single search and generate a single column graph? I have looked at subsearch-related posts earlier, however they seem to be on different sourcetypes rather than source itself.

Would appreciate any inputs.
Thanks in advance.

0 Karma

Path Finder

Just in case anyone else runs into this post: I solved this problem using saved searches that take dynamic inputs for previous months' data and then using the eval data =[ savedsearch | return output ] option to get the search results.

0 Karma
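One way to wire up the saved-search approach described in the reply above, as an added example that is not the poster's own search. It assumes a hypothetical saved search named util_for_month whose query reads source="C:\\test\\data_$month$.csv", performs the utilization calculations, and ends with a single row holding a numeric field called output; the month literals stand in for the dashboard tokens, and the field names cur, prev1 and prev2 are also assumptions.

```spl
| makeresults
| eval cur=[| savedsearch util_for_month month="2022-May" | return $output]
| eval prev1=[| savedsearch util_for_month month="2022-Apr" | return $output]
| eval prev2=[| savedsearch util_for_month month="2022-Mar" | return $output]
| table prev2 prev1 cur
| rename prev2 as "2022-Mar", prev1 as "2022-Apr", cur as "2022-May"
| transpose column_name=month
| rename "row 1" as total_utilization
```

Each subsearch runs before the outer search and is replaced by the bare value that return $output emits, so a saved search that returns no row leaves the eval expression empty and the whole search fails to parse. In Simple XML a literal dollar sign is written as $$, so inside a dashboard panel the return clause becomes return $$output.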