Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to line up 2 reports

iamsplunker
Communicator
‎10-26-2020 12:51 PM

Hello Splunk Community,

I have 2 reports trying to combine into 1. The fields are different to each other. Say Report 1 has field1,field2,field3,field4,field5 and Report2 has field6, field,7, field8,field9

Report 1 uses weekly time range earliest=-1w@w latest=@w1

Report 2 uses Year to date time range earliest=@y latest=@w1

I tried using append,appedcols and join but the values are messing up and not lined up together

Please help

Labels (3)
Labels
Tags (3)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-27-2020 01:06 AM

What were you hoping to achieve?

0 Karma
Reply

iamsplunker
Communicator
‎10-29-2020 10:02 AM

@ITWhisperer : I'm trying to combine 2 reports into 1 and schedule one report. The first report has weekly values where the second has Yearly values with different columns

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-29-2020 11:33 AM

@iamsplunker You will need to be more specific. Without seeing your queries I will have to guess: your columns don't line up because they are different names; your rows probably don't line up because they are different dates? Do you want to line the columns up or the rows? If it is the columns, you would need to rename the fields from one query so that they match the fields from the other query. If you want the rows to line up, you will probably have to adjust the dates so that they are the same, they are possibly timestamped with the beginning of the period rather than the end.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...