Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Single graph from Multi search index

BharathKN
New Member
‎07-31-2017 02:49 PM

Hi, I need a chart from multiple source and multiple search terms.

search 1: index="SessionController" host = "abc01*" | stats distinct_count(session) by date_hour
search 2: index="CompleteSale" host = "xyz*" | stats distinct_count(order) by date_hour

I want a line graph that will show number of requests (i.e. count of Session's) and the orders per hour.

Thanks in advance.

0 Karma
Reply

knielsen
Contributor
‎08-01-2017 01:03 AM

If the session and order fields are exclusively used on the source where you want to count them, you can simply combine your searches:

(index="SessionController" host = "abc01*") OR (index="CompleteSale" host = "xyz*") | stats distinct_count(session) distinct_count(order) by date_hour
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...