Splunk Search

How to store a value in one search and give it to other search

raghav4a1
New Member

i need to store a numerical value in Energ1 and store a string value in energy1 and use them in the last search

      index=coemission |search household_id="1"| stats sum(energy_consumed_kwh_per_day) as Energ|eval Energ1=Energ  


|append [ search index=coemission|search household_id ="1"|stats values(energy_provider) as energy|eval energy1=energy]


|append [search sourcetype="energyscore"|search energy_provider=energy|stats sum(nuclear) as nuclear,sum(lignite) as lignite,sum(hardcoal) as hardcoal,sum(natural gas) as naturalgas,sum(renewables) as renewables,sum(others) as others 


|eval nuclear1=nuclear*Energ1|eval lignite1=lignite*Energ1|eval hardcoal1=hardcoal*Energ1|eval naturalgas1=naturalgas*Energ1|eval renewables1=renewables*Energ1|eval others=others*Energ1|fields - nuclear,lignite,hardcoal,naturalgas,renewables,others]       
Tags (2)
0 Karma

woodcock
Esteemed Legend

Like this:

index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="energyscore" AND energy_provider="energy"
|stats sum(nuclear) AS nuclear sum(lignite) AS lignite sum(hardcoal) AS hardcoal sum(natural gas) AS naturalgas sum(renewables) AS renewables,sum(others) AS others 
|foreach nuclear lignite hardcoal naturalgas renewables others
[ eval <<FIELD>>1 = <<FIELD>> * [search index=coemission AND household_id="1" | stats sum(energy_consumed_kwh_per_day) AS Energ | return $Energ ] | fields - <<FIELD>> ]
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...