Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to combine the results of multiple searches in a single table or panel?

JohnBelliveau
New Member
‎11-12-2015 09:18 AM

I'm trying to create a dashboard panel with a statistics table, which needs to be populated with the results from multiple searches.
I have searches which will populate each row of a table, which would look something like:

               Tested Limit     Historical Peak     Headroom     Today's Peak
Requests/s        20,000            10,000            100%           8,972 
Responses/s      120,000            20,000            600%          12,899

Obviously, the formatting of the results would be easier if the results could be obtained using a single search, but this is not the case. I would prefer having to avoid creating a custom dashboard just for this, so I'm looking for an alternate approach.

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎11-12-2015 10:37 AM

Hi @JohnBelliveau,
Here's an older post on Answers addressing what sounds like a similar question--using multiple searches in a single table. There are a couple of different options, depending on how your event data is structured and the searches you want to run for the table:
https://answers.splunk.com/answers/66473/multiple-search-output-in-a-single-table-list-something.htm...

One suggestion in the above post is to use the appendcols command to append fields from subsearches. Here are some examples in our documentation:
http://docs.splunk.com/Documentation/Splunk/6.3.1/SearchReference/Appendcols#Examples

You could also check out the Dashboard Examples app to get some ideas. In particular, the "Multi-Search Management" example might help:
https://splunkbase.splunk.com/app/1603/

Hope this helps! Let me know if you need more suggestions,
@frobinson_splunk

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...