Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search multiple indexes and display results in a single table?

carlpier
Explorer
‎02-09-2015 02:36 AM

Hello,

I am looking for a way to play in a single table the results of two different indexes.
The two searches are:

index="imwaccesslog" sourcetype="IMWAccessLog" URI = /nbd-rest/rest/mch/inquiry/Inquiry/recuperaProfiloUtente | stats count Max(ETsec)

AND

index="nbdrest-performance" sourcetype="PerfNBDCustomTSV" Service =  DBDisposizioniServiceImpl.recuperaProfiloUtenteBOL | stats count Max(ETms)

Any help would be greatly appreciated.

Thanks in advance!

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎02-09-2015 02:46 AM

Hi carlpier,

Something like this sould work:

 index="imwaccesslog" OR index=nbdrest-performance sourcetype="IMWAccessLog" OR sourcetype="PerfNBDCustomTSV" URI=/nbd-rest/rest/mch/inquiry/Inquiry/recuperaProfiloUtente OR Service=DBDisposizioniServiceImpl.recuperaProfiloUtenteBOL | stats count Max(ETms) Max(ETsec)

Hope this helps to get you started ...

cheers, MuS

0 Karma
Reply

carlpier
Explorer
‎02-09-2015 03:47 AM

thanks, I would like to separate the two counts by adding a where conditions for both searches:

eventstats perc95(ETsec) as resp_time_95_L by FIELD1 | where ETsec < resp_time_95_L | chart count avg(ETsec) stdev(ETsec) range(ETsec) min(ETsec) max(ETsec) by FIELD1| sort count | reverse

and

eventstats perc95(ETms) as resp_time_95_P by FIELD2 | where ETms < resp_time_95_P | chart count
avg(ETms) stdev(ETms) range(ETms) min(ETms) max(ETms) by FIELD2| sort count | reverse

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...