Splunk Search

How to create a search string to get data from multiple *.txt files?

pascoaljo
New Member

Dear Team,

I'm trying to get data from two *.txt files into a single Line Chart.

For example, with the following string I get the data into the Line Chart:

(host=jp) source="/home/jp/pings/targets/googledns.txt" | timechart avg(time)

But what I am trying to do is to also get data from another file at the same time:

(host=jp) source="/home/jp/pings/targets/defaultGateway.txt" | timechart avg(time)

So that the Line Chart shows the data from both files.

Thank you in advance.

Kind regards
JP

0 Karma

harishalipaka
Builder

hi @pascoaljo

Try with |append, |appendpipe or |appendcols

(host=jp) source="/home/jp/pings/targets/googledns.txt" | timechart avg(time) as sheet1 |appendcols  [search (host=jp) source="/home/jp/pings/targets/defaultGateway.txt" | timechart avg(time) as sheet2]
0 Karma

pascoaljo
New Member

Dear Team,

First, I would like to thank you for your prompt reply, but unfortunately I get an error with the string you provided.

Error in 'SearchParser': Missing a search command before '('. Error at position '109' of search query 'search (host=jp) source="/home/jp/pings/targets/go...{snipped} {errorcontext = pendcols [(host=jp) s}'.

Thank you in advance.

Kind regards
JP

0 Karma

pascoaljo
New Member

Hi All,
Below you will find the solution, provided by msivill:

(host=jp) source="/home/jp/pings/targets/googledns.txt" OR source="/home/jp/pings/targets/defaultGateway.txt"
| timechart avg(time) by source

Kind regards
JP

0 Karma