Usage of Splunk commands : APPEND
Usage of Splunk commands : APPEND is as follows
- Append command appends the result of a subsearch with the current result.
- This command runs only over the historical data.
- It doesn’t show the correct result if you use this command in real time basis.
- The subsearch must be start with a generating command.
Find below the skeleton of the usage of the command “append” in SPLUNK :
index=_internal sourcetype=splunkd_ui_access | stats count by method | append [ search index=_audit | stats count by info ]
In the above query we have used the two search .“Red” rectangular box is showing the result of main search and “Blue” rectangular box is showing the result of subsearch.By the “append” command we have appended the result of subsearch with the result of main search.
Now you can effectively utilize “append” command in your daily use to meet your requirement !!
Hope you are now comfortable in : Usage of Splunk commands : APPEND
HAPPY SPLUNKING !!