show results from two splunk queries into one

join splunk
A-D picture A-D · Jan 6, 2017 · Viewed 9.7k times · Source

I have two separate splunk queries: 1st Query : Outputs unique user count in last 24 hours 2nd Query : Outputs unique users count in last 24 hours in geo = US

I want to create a timechart that will show , a line chart with % of user everyday from US.

How can this be achieved.

Answer

Pritam Banerjee picture Pritam Banerjee · Jan 6, 2017

You can join the two queries by using :

|

So your query can look like this:

{firstQuery} as countUS| {secondQuery} as countTotal | eval perc=countUS/countTotal

Related questions

What is the difference between "INNER JOIN" and "OUTER JOIN"?

Also how do LEFT JOIN, RIGHT JOIN and FULL JOIN fit in?

Read More
SQL update from one Table to another based on a ID match

I have a database with account numbers and card numbers. I match these to a file to update any card numbers to the account number, so that I am only working with account numbers. I created a view linking the …

Read More
What's the difference between INNER JOIN, LEFT JOIN, RIGHT JOIN and FULL JOIN?

What's the difference between INNER JOIN, LEFT JOIN, RIGHT JOIN and FULL JOIN in MySQL?

Read More