How do I get results of all values in 2 subqueries...

Anantha123 · ‎01-18-2019

i have 2 of the same subqueries in my search with different time periods. So, both results are different.

If I use "appendcols" , the results shown are incorrect. The values jump to fillfull some empty fields in between.

If I use "join", it's like self join or inner join. it gives results that are in common in both queries.

if i use "join type=left", i am not getting the results from query 2 that are not there in query 1, as it considers query 1 to be primary .

I want all the results of subquery1 and subquery2 even if they are not there in any one of the subqueries (like union).

Please help.

vnravikumar · ‎01-18-2019

Hi @Anantha123

Try

firstquery|append[| second query]

Anantha123 · ‎01-21-2019

append wont help me as i want the results of both queries combined . I will get below result if I use append.

Result of 1st Query

Operation1 Failure1
Operation2 Failure2
Operation3 Failure3

Results of 2nd Query
Operation1 Total1
Operation2 Total2
Operation4 Total4

If I use append , I will get result as below
Operation1 Failure1 0
Operation2 Failure2 0
Operation3 Failure3 0
Operation1 0 Total1
Operation2 0 Total2
Operation4 0 Total4

I want output as
Operation1 Failure1 Total1
Operation2 Failure2 Total2
Operation3 Failure3 0

Operation4 0 Total4

How do I get results of all values in 2 subqueries?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!