How to combine 4 separate reports into single emai...

SathyaNarayanan · ‎01-30-2018

Hi,

I have 4 different reports which don't have any common field, but the application team want all the reports in single email.

elliotproebstel · ‎01-30-2018

It sounds like you are looking to have four separate tables sent in a single email, which is a good use case for building a dashboard that displays the four tables/searches and emails the whole dashboard on a scheduled basis. Here's guidance on how to do that:

http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Report/GeneratePDFsofyourreportsanddashboards

prammod123 · ‎04-30-2019

When we create a report from multiple dashboard panels it would be extracted as a PDF file..., what we need is send multiple reports in csv format in a single mail.

cmerriman · ‎01-30-2018

as long as the searches don't hit any limits, you might be able to use |append and tack all the searches into the same table. You'll need to adjust the alerts to be based on all the fields of interest. http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Append

SathyaNarayanan · ‎01-31-2018

we can do append but they dont even have any common fields in it.

cmerriman · ‎04-30-2019

they don't need a common field.

|makeresults|eval field1="foo"|eval field2="bar"|eval report="report name1"|fields - _time |append [|makeresults|eval field3="value"|eval report="report name2"|fields - _time]

It will just create a new column for the fields that don't match. you could do an eval, though, to bring in what report it's for so the recipients know which lines are for which report.

How to combine 4 separate reports into single email alert?

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM