https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529725#M149635 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225056">@dordavid</a>,</P><P>let me understand:</P><UL><LI>you have two searches,</LI><LI>you want to filter the results of search_1 where a field of search_2 is present.</LI></UL><P>Only one question: do you want to match field from search 2 with only one field from search_1 or in all the _raw?</P><P>In the second case you can use the following search:</P><LI-CODE lang="markup">your_search_1 [ search your_search_2 | rename field_2 AS query | fields query ] | ...</LI-CODE><P>&nbsp;in the first case (if field_1 is the field in the search_1 and field_2 is the field in search_2), try something like this:</P><LI-CODE lang="markup">your_search_1 [ search your_search_2 | eval field_1="*".field_2."*" | fields field_1 ] | ...</LI-CODE><P>In this second case the fields in main search and subsearch must have the same name (case sensitive).</P><P>Ciao.</P><P>Giuseppe</P> Tue, 17 Nov 2020 11:27:54 GMT gcusello 2020-11-17T11:27:54Z https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529723#M149634 <P>Hey, i want to search a field and get all the results which <FONT face="tahoma,arial,helvetica,sans-serif" color="#FF0000"><STRONG>contain a</STRONG>&nbsp;</FONT><FONT color="#FF0000"><STRONG>value </STRONG></FONT>from another field.</P><P>For example:&nbsp; I have 2 fields: message and str.</P><P>I want to get all the logs which their message field contain the value of str field.</P><P>how can i do that?</P> Tue, 17 Nov 2020 11:16:58 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529723#M149634 dordavid 2020-11-17T11:16:58Z https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529725#M149635 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225056">@dordavid</a>,</P><P>let me understand:</P><UL><LI>you have two searches,</LI><LI>you want to filter the results of search_1 where a field of search_2 is present.</LI></UL><P>Only one question: do you want to match field from search 2 with only one field from search_1 or in all the _raw?</P><P>In the second case you can use the following search:</P><LI-CODE lang="markup">your_search_1 [ search your_search_2 | rename field_2 AS query | fields query ] | ...</LI-CODE><P>&nbsp;in the first case (if field_1 is the field in the search_1 and field_2 is the field in search_2), try something like this:</P><LI-CODE lang="markup">your_search_1 [ search your_search_2 | eval field_1="*".field_2."*" | fields field_1 ] | ...</LI-CODE><P>In this second case the fields in main search and subsearch must have the same name (case sensitive).</P><P>Ciao.</P><P>Giuseppe</P> Tue, 17 Nov 2020 11:27:54 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529725#M149635 gcusello 2020-11-17T11:27:54Z https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529731#M149638 <P><U><STRONG>i will give u an example:</STRONG></U></P><P>i have a two fields:<BR />1) message<BR />2) str</P><P>- lets assume that str contains the string<SPAN>&nbsp;</SPAN><STRONG>"high cpu".</STRONG></P><P>- i want to search all the logs which their<SPAN>&nbsp;</SPAN><U>message field</U><SPAN>&nbsp;</SPAN>contain the value of str:&nbsp;all the logs which their message field contain "high cpu".</P><P>-i want to do it dynamically - something like that:<BR />index = a | search message= {str}* //&nbsp; all logs with message field which<SPAN>&nbsp;</SPAN><U><STRONG>contain</STRONG></U><SPAN>&nbsp;</SPAN>the content of str field</P> Tue, 17 Nov 2020 11:59:34 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529731#M149638 dordavid 2020-11-17T11:59:34Z https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529739#M149642 <P>Hi <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225056">@dordavid</a>&nbsp;... From the post -&nbsp;</P><P><A href="https://community.splunk.com/t5/Splunk-Search/How-to-check-if-a-field-contains-a-value-of-another-field/m-p/247843" target="_blank">https://community.splunk.com/t5/Splunk-Search/How-to-check-if-a-field-contains-a-value-of-another-field/m-p/247843</A></P><P>&nbsp;</P><P><BR />your search | eval result=if(like(field2,"%".field1."%"),"Contained","Not Contained")</P><P><BR />OR</P><P>| where match(field2,field1)</P> Tue, 17 Nov 2020 12:32:46 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529739#M149642 inventsekar 2020-11-17T12:32:46Z https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529752#M149646 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225056">@dordavid</a>,</P><P>try my first solution or the solution by&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/80737">@inventsekar</a>&nbsp; that's equivalent.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 17 Nov 2020 13:32:38 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-a-field-which-contain-text-from-another-field/m-p/529752#M149646 gcusello 2020-11-17T13:32:38Z