
can multiple indexes be searched for different fields?

agentguerry
Path Finder

Can Splunk search for different indexes that contain different fields, and present that data out in readable format?

I am trying to use one search that looks in index A, for specific fields, then another search for index B, looking for different fields than are contained in index A.

This is in an attempt to give out a daily report that can give us a single email showing us different tables on a single email of:

cpu percentage
drive full percentage
status of an application (running/stopped)
etc.

Or is there perhaps a way that Splunk can merge separate reports into one, and email it out in the message body?

I will continue looking, but any help is appreciated. Thanks.

gaurav_maniar
Builder

Accept the answer that helped to close the question.

0 Karma

agentguerry
Path Finder

Thanks, I will look into these more. I do find that I can export a dashboard as PDF to email. That may work for us for our needs.
I believe that option will attach the PDF, but not plant the dashboard into the email body.

0 Karma

gaurav_maniar
Builder

Hi,

This can be done in multiple ways.
- append - https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Append
It appends the results from the subsearch to the main search as events.

You will get a better idea by going through the examples given on the reference sites.

Accept & up-vote the answer if it helps.

manjunathmeti
SplunkTrust

You can search both the indexes with OR.

(index=indexA fieldA1=<> fieldA2=<>) OR (index=indexB fieldB1=<> fieldB2=<>) | table index, fieldA1, fieldA2, fieldB1, fieldB2
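
Added example, not part of the original posts: the OR approach above extended with `stats ... BY host`, so that events from indexes with different fields collapse into one row per host for a daily report. The index names, sourcetypes and field names (`cpu_pct`, `disk_used_pct`, `app_state`) are assumptions, and the inline note uses the `comment` macro from the Search app.

```spl
earliest=-24h
    (index=os_perf sourcetype=cpu)
    OR (index=os_disk sourcetype=df)
    OR (index=app_health sourcetype=service_status)
    `comment("Constructed example: index, sourcetype and field names are assumptions")`
| stats latest(cpu_pct) AS cpu_pct
        max(disk_used_pct) AS disk_used_pct
        latest(app_state) AS app_state
        BY host
| fillnull value="n/a" cpu_pct disk_used_pct app_state
| sort 0 host
| table host, cpu_pct, disk_used_pct, app_state
```

Each event carries only the fields of its own index; `stats` ignores the missing ones, and `fillnull` marks hosts that reported nothing for a given metric instead of leaving the cell blank.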