Splunk Search

How do you combine two searches?

Path Finder

I have two searches that work fine, but I want to show them in one dashboard. I have these two

1-....search....:

 |stats count values(Message.DocumentId) as "Doumentid" by cbatchid

2-....search....

| stats count(eval('message.information'="Sent to ESB")) as Sent,count(eval('message.information'!="Sent to ESB")) as NOTSENT by message.x-cak-messageid |  eval Status=if(Sent=1,"OK","NOK")

Index, source etc. are the same, the searches only contain which index en source to search in. How can I combine the two ?

0 Karma
1 Solution

Explorer

Try this search..

| makeresults
| eval id="1"
| eval batch="2013"
| appendcols [| makeresults | eval success=1
| eval failure=4
| eval message=Thisissample
| eval Status=if(success=1,"OK","NOK")]

It works for me..

Note: You can use either "appendcols, append, join" depending on the results you want to output.

https://splunkonbigdata.com/2018/09/05/usage-of-splunk-commands-appendcols/

View solution in original post

0 Karma

Explorer

Try this search..

| makeresults
| eval id="1"
| eval batch="2013"
| appendcols [| makeresults | eval success=1
| eval failure=4
| eval message=Thisissample
| eval Status=if(success=1,"OK","NOK")]

It works for me..

Note: You can use either "appendcols, append, join" depending on the results you want to output.

https://splunkonbigdata.com/2018/09/05/usage-of-splunk-commands-appendcols/

View solution in original post

0 Karma

Path Finder

Thanks, but I dont see how my searches are related to your example. Looks like a totally different search

0 Karma

Builder
search.... |stats count values(Message.DocumentId) as "Doumentid" by cbatchid
append [
 search.... |   stats count(eval('message.information'="Sent to ESB")) as Sent,count(eval('message.information'!="Sent to ESB")) as NOTSENT by message.x-cak-messageid | eval Status=if(Sent=1,"OK","NOK")
]
0 Karma

Path Finder

Hmmm, I get no results found. So somewhere I am doing something wrong

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!