Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Questions about federated search subsearch?

KwonTaeHoon
Path Finder
‎02-28-2023 12:24 AM

Hello

I want to ask a question about subsearch.

When submitting a fed command without using it, an error message occurs as follows.

Before setting federated search ]

index=fw | join src_ip [ sourcetype=ips | stats count by src_ip ]

>> Result : OK

After setting federated search ]

index=fw | join src_ip [ sourcetype=ips | stats count by src_ip ]

>> Result : NG
Error : Search command can only accept one federated index.

Is there any solution?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

nejmeddine
Loves-to-Learn
‎05-04-2023 07:30 AM

can i use federated search between different versions splunk ?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top