How to edit my search to get a table of data from ...

carlpier · ‎02-23-2015

Hello,

I’m looking for to get a table from the the search results from two indexes:

index="imwaccesslog" OR index="nbdrest-performance" 
sourcetype=IMWAccessLog OR sourcetype="PerfNBDCustomTSV" 
URI="/nbd-rest/rest/nbd/inquiry/Inquiry/getUtente" OR Service="DBInquiryServiceImpl.estraiRapportiUtente" 
| stats max(ETsec) as m_LOG max(ETms) as m_PERF | table URI, m_LOG, Service, m_PERF

The result I'm currently getting is:

URI m_LOG   Service m_PERF
     4.681               63

The result I would like to get:

URI                                       m_LOG Service                                m_PERF
/nbd-rest/rest/nbd/inquiry/Inquiry/getUtente 4.681 DBInquiryServiceImpl.estraiRapportiUtente 63

Thanks in advance for the assistance.

Raghav2384 · ‎02-24-2015

try 

stats max(ETsec) as m_LOG ,max(ETms) as m_PERF by URI,Service,_time | table URI, m_LOG, Service, m_PERF

thanks,
Raghav

markthompson · ‎02-23-2015

Try this:
(index="imwaccesslog" AND sourcetype=IMWAccessLog) OR (index="nbdrest-performance" AND sourcetype="PerfNBDCustomTSV" )

carlpier · ‎02-24-2015

I'm sorry, but the result is' still the same as the previous:

URI m_LOG Service m_PERF
4.681 63

fields URI and Service are not valued

thank you for what you can do

How to edit my search to get a table of data from multiple indexes?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Are you a member of the Splunk Community?

How to edit my search to get a table of data from multiple indexes?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI