Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can append search result as part of another search result table from DensityFunction

masonlee2021
Loves-to-Learn
‎07-13-2021 02:04 PM

Hi, there,

I am working on following search and somehow cannot append the search as part of the "fit DensityFunction" table result from search macro "search_macro_smart($cef_ruleid$)"

splunk_server="splunk" index="area" source="area1" sourcetype="dsystem_events"
| stats count by cef_ruleid
| sort - count
| head 85
| map search="search `search_macro_smart($cef_ruleid$)`" maxsearches=85
| join [| makeresults | eval current_id=$cef_ruleid$ | stats values(current_id)]

 

The search macro "search_macro_smart($cef_ruleid$)"  will be generate 85 raw of data for outlier with data in past 45 days and I need the append "cef_ruleid " as part of the search macro output on dashboard so we can know the detected outlier belong to which ""cef_ruleid "

 

Your help is appreciated,

mason

 

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...