Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine the results of multiple searches in a single table or panel?

JohnBelliveau
New Member
‎11-12-2015 09:18 AM

I'm trying to create a dashboard panel with a statistics table, which needs to be populated with the results from multiple searches.
I have searches which will populate each row of a table, which would look something like:

               Tested Limit     Historical Peak     Headroom     Today's Peak
Requests/s        20,000            10,000            100%           8,972 
Responses/s      120,000            20,000            600%          12,899

Obviously, the formatting of the results would be easier if the results could be obtained using a single search, but this is not the case. I would prefer having to avoid creating a custom dashboard just for this, so I'm looking for an alternate approach.

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎11-12-2015 10:37 AM

Hi @JohnBelliveau,
Here's an older post on Answers addressing what sounds like a similar question--using multiple searches in a single table. There are a couple of different options, depending on how your event data is structured and the searches you want to run for the table:
https://answers.splunk.com/answers/66473/multiple-search-output-in-a-single-table-list-something.htm...

One suggestion in the above post is to use the appendcols command to append fields from subsearches. Here are some examples in our documentation:
http://docs.splunk.com/Documentation/Splunk/6.3.1/SearchReference/Appendcols#Examples

You could also check out the Dashboard Examples app to get some ideas. In particular, the "Multi-Search Management" example might help:
https://splunkbase.splunk.com/app/1603/

Hope this helps! Let me know if you need more suggestions,
@frobinson_splunk

Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...