Splunk Search

How to line up 2 reports

iamsplunker
Communicator

Hello Splunk Community,

I have 2 reports trying to combine into 1. The fields are different to each other. Say Report 1 has field1,field2,field3,field4,field5 and Report2 has field6, field,7, field8,field9

Report 1 uses weekly time range earliest=-1w@w latest=@w1

Report 2 uses Year to date time range earliest=@y latest=@w1

I tried using append,appedcols and join but the values are messing up and not lined up together

Please help

Labels (3)
Tags (3)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What were you hoping to achieve?

0 Karma

iamsplunker
Communicator

@ITWhisperer : I'm trying to combine 2 reports into 1 and schedule one report. The first report has weekly values where the second has Yearly values with different columns

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

@iamsplunker You will need to be more specific. Without seeing your queries I will have to guess: your columns don't line up because they are different names; your rows probably don't line up because they are different dates? Do you want to line the columns up or the rows? If it is the columns, you would need to rename the fields from one query so that they match the fields from the other query. If you want the rows to line up, you will probably have to adjust the dates so that they are the same, they are possibly timestamped with the beginning of the period rather than the end.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...