Splunk Search

How to line up 2 reports

iamsplunker
Explorer

Hello Splunk Community,

I have 2 reports trying to combine into 1. The fields are different to each other. Say Report 1 has field1,field2,field3,field4,field5 and Report2 has field6, field,7, field8,field9

Report 1 uses weekly time range earliest=-1w@w latest=@w1

Report 2 uses Year to date time range earliest=@y latest=@w1

I tried using append,appedcols and join but the values are messing up and not lined up together

Please help

Labels (3)
Tags (3)
0 Karma

ITWhisperer
Legend

What were you hoping to achieve?

0 Karma

iamsplunker
Explorer

@ITWhisperer : I'm trying to combine 2 reports into 1 and schedule one report. The first report has weekly values where the second has Yearly values with different columns

0 Karma

ITWhisperer
Legend

@iamsplunker You will need to be more specific. Without seeing your queries I will have to guess: your columns don't line up because they are different names; your rows probably don't line up because they are different dates? Do you want to line the columns up or the rows? If it is the columns, you would need to rename the fields from one query so that they match the fields from the other query. If you want the rows to line up, you will probably have to adjust the dates so that they are the same, they are possibly timestamped with the beginning of the period rather than the end.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!