Usage of Splunk commands : APPEND


Usage of Splunk commands : APPEND is as follows

  • The append command appends the results of a subsearch to the current results.
  • This command runs only over historical data.
  • It does not return correct results when used in a real-time search.
  • The subsearch must start with a generating command.

Below is the skeleton of the “append” command in Splunk:

 append  <subsearch>

 Example :

index=_internal sourcetype=splunkd_ui_access 
| stats count by method 
| append [ search index=_audit | stats count by info ]

 Result :

[Screenshot: result of the append search]

 Explanation:

The above query uses two searches. In the screenshot, the “Red” rectangular box shows the result of the main search and the “Blue” rectangular box shows the result of the subsearch. The “append” command has appended the result of the subsearch to the result of the main search.
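To reproduce this behaviour without depending on what your indexes contain, the following added example (not part of the original post) builds both result sets with makeresults, which is a generating command. The GET/POST and denied/granted values are constructed sample data, and source_search and category are hypothetical field names used to label where each row came from and to merge the two differing columns (method and info) into one.

```spl
| makeresults count=5
| streamstats count AS n
| eval method=if(n<=3, "GET", "POST")
| stats count BY method
| append
    [| makeresults count=4
     | streamstats count AS n
     | eval info=if(n=1, "denied", "granted")
     | stats count BY info ]
| eval source_search=if(isnotnull(method), "main", "subsearch")
| eval category=coalesce(method, info)
| table source_search category count
```

Without the last three lines, the subsearch rows sit below the main rows with an empty method column and a populated info column, because append stacks rows and does not align fields with different names.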

 

Now you can use the “append” command effectively in your daily work to meet your requirements!

Hope you are now comfortable with the usage of the Splunk command APPEND.

 

HAPPY SPLUNKING!!

 
