Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I chain together two searches in Splunk Web?

gehogan3
Explorer
‎05-31-2012 09:56 AM

Is it possible to chain together two searches? Basically, need to grab the IP address from my webserver logs (if it received a 503 status code) and match it up with my app server logs (log4j).

This gives me the list of apache calls which resulted in a 503 status code:

index=weblogs status=503

I want to use "clientip" from these matches as the key for a lookup on another index.

Is that possible?

Thanks!

Tags (1)
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-31-2012 10:02 AM

You should be able to use subsearches for this. See How subsearches work in the documentation.

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...