https://community.splunk.com/t5/Splunk-Dev/postprocess-chaining-multiple-postprocess-searches/m-p/135278#M1934 <P>Hello,</P> <P>I was wondering if anyone have successfully done a chain of postprocesses?</P> <P>I'm using the django template {% postprocess ... %} but if I try to chain two or three postprocesses, I get wrong results. Here is below a very simple example, where I'm expecting the table4 to show a stats table but this is not the case. Any work around for this?</P> <PRE><CODE>{% block content %} {% table id="table1" managerid="search1" pageSize="10" %} {% table id="table2" managerid="postproc1_1" pageSize="10" %} {% table id="table3" managerid="postproc2" pageSize="10" %} {% table id="table4" managerid="postproc3" pageSize="10" %} {% endblock content%} {% block managers %} {% searchmanager id="search1" search="index=_internal | head 1000 | fields - _raw | fields sourcetype" earliest_time="-4h@h" latest_time="now" cache=False preview=False exec_mode="blocking" %} {% postprocessmanager id="postproc1" managerid="search1" search="search sourcetype=splunk*" %} {% postprocessmanager id="postproc1_1" managerid="postproc1" search=" search sourcetype!=splunkd | stats count as total by sourcetype" %} {% postprocessmanager id="postproc2" managerid="postproc1" search="search sourcetype=splunkd | stats count by sourcetype" %} {% postprocessmanager id="postproc3" managerid="postproc1_1" search="search sourcetype=splunk* " %} {% endblock managers %} </CODE></PRE> <P>Regards,<BR /> Olivier</P> Mon, 03 Feb 2014 17:02:45 GMT OL 2014-02-03T17:02:45Z https://community.splunk.com/t5/Splunk-Dev/postprocess-chaining-multiple-postprocess-searches/m-p/135278#M1934 <P>Hello,</P> <P>I was wondering if anyone have successfully done a chain of postprocesses?</P> <P>I'm using the django template {% postprocess ... %} but if I try to chain two or three postprocesses, I get wrong results. Here is below a very simple example, where I'm expecting the table4 to show a stats table but this is not the case. Any work around for this?</P> <PRE><CODE>{% block content %} {% table id="table1" managerid="search1" pageSize="10" %} {% table id="table2" managerid="postproc1_1" pageSize="10" %} {% table id="table3" managerid="postproc2" pageSize="10" %} {% table id="table4" managerid="postproc3" pageSize="10" %} {% endblock content%} {% block managers %} {% searchmanager id="search1" search="index=_internal | head 1000 | fields - _raw | fields sourcetype" earliest_time="-4h@h" latest_time="now" cache=False preview=False exec_mode="blocking" %} {% postprocessmanager id="postproc1" managerid="search1" search="search sourcetype=splunk*" %} {% postprocessmanager id="postproc1_1" managerid="postproc1" search=" search sourcetype!=splunkd | stats count as total by sourcetype" %} {% postprocessmanager id="postproc2" managerid="postproc1" search="search sourcetype=splunkd | stats count by sourcetype" %} {% postprocessmanager id="postproc3" managerid="postproc1_1" search="search sourcetype=splunk* " %} {% endblock managers %} </CODE></PRE> <P>Regards,<BR /> Olivier</P> Mon, 03 Feb 2014 17:02:45 GMT https://community.splunk.com/t5/Splunk-Dev/postprocess-chaining-multiple-postprocess-searches/m-p/135278#M1934 OL 2014-02-03T17:02:45Z https://community.splunk.com/t5/Splunk-Dev/postprocess-chaining-multiple-postprocess-searches/m-p/135279#M1935 <P>Tried to do it just now with javascript and basically you can't chain it because the postprocessmanager doesn't have the same functionality as the searchmanager. </P> <P>Really bad Splunk Design, as this it's very inefficient to keep having to access the data from the searchmanager.</P> Sat, 27 Aug 2016 04:35:22 GMT https://community.splunk.com/t5/Splunk-Dev/postprocess-chaining-multiple-postprocess-searches/m-p/135279#M1935 svenwendler 2016-08-27T04:35:22Z