How to line up 2 reports

iamsplunker · ‎10-26-2020

Hello Splunk Community,

I have 2 reports trying to combine into 1. The fields are different to each other. Say Report 1 has field1,field2,field3,field4,field5 and Report2 has field6, field,7, field8,field9

Report 1 uses weekly time range earliest=-1w@w latest=@w1

Report 2 uses Year to date time range earliest=@y latest=@w1

I tried using append,appedcols and join but the values are messing up and not lined up together

Please help

ITWhisperer · ‎10-27-2020

What were you hoping to achieve?

iamsplunker · ‎10-29-2020

@ITWhisperer : I'm trying to combine 2 reports into 1 and schedule one report. The first report has weekly values where the second has Yearly values with different columns

ITWhisperer · ‎10-29-2020

@iamsplunker You will need to be more specific. Without seeing your queries I will have to guess: your columns don't line up because they are different names; your rows probably don't line up because they are different dates? Do you want to line the columns up or the rows? If it is the columns, you would need to rename the fields from one query so that they match the fields from the other query. If you want the rows to line up, you will probably have to adjust the dates so that they are the same, they are possibly timestamped with the beginning of the period rather than the end.

How to line up 2 reports

fields

join

stats

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

How to line up 2 reports

fields

join

stats

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem