Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Joining Tables

crmarley20
Explorer
‎02-09-2022 08:48 AM

Hello, 

I need your help please, I have two tables resulting from two searches and I need to join these two tables to make a cumulative bar chart according to date.

My tables are 

crmarley20_0-1644425055153.png

crmarley20_1-1644425077542.png

What I want to achieve is:

DatumA1A2A3A4A5A6
2022-02-085.7 3.71.94.5690.3

 

 

 

Labels (7)
0 Karma
Reply

BahadirS
Path Finder
‎02-09-2022 11:15 PM

Hello

You have two different formatted tables. You might want to transform the structure either on first search or second. 

 

first_search
| join type=left Schicht_Datum [ second_search | untable Schicht_Datum segment mid_result ]
| xyseries Schicht_Datum segment mid_result

 

 

0 Karma
Reply

VatsalJagani
Super Champion
‎02-09-2022 10:58 PM

Something like this:

<first table's search> | chart sum(mid_result) over segment
| append [| search <second table's search>]
| stats sum(*) as * by Schiche_Datum
| rename Schiche_Datum as Datum

Kindly ignore typos and fix column names if I mis-typed it.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-09-2022 09:12 AM

What are your two searches?

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...