How to combine multiple searches in same alert

Splunk Search

HI,

I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and send an alert when it breaches the threshold values. Can you please help me with how to combine these three searches so that we get them in a single alert?

Search queries I wanted to combine -

Journey completion time

index=nextgen sourcetype=lighthouse_json sourcetype=lighthouse_json datasource=webpagetest  | timechart span=1h avg(duration) AS "Journey completion time"

Errors

index=nextgen sourcetype=lighthouse_json sourcetype=lighthouse_json datasource=webpagetest errorORstatuscode=500 OR errorORstatuscode=4* NOT url="*sentry*" | timechart span=1h count(step) by step

Error status codes

index=nextgen sourcetype=lighthouse_json sourcetype=lighthouse_json datasource=webpagetest errorORstatuscode=500 OR errorORstatuscode=4* NOT url="*sentry*" | table _time, step, url, errorORstatuscode

Thanks,

Swetha. G

Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Are you a member of the Splunk Community?