Solved: Can i write a base search in another base search

renuka · ‎05-06-2021

<search id="base_query_filter">
<query>
Index=a,sourcetype=x,eval y=A+B</query>
</search>

<search id="base_query">
<query>
index=a,sourcetype=x,eval y=A+B -(here can i consider the base_query_filter base search)
join type =inner max=0(index=b,sourtype=y)</query>
<search>

Is it possible to consider one base search in another base search id?

Thank You in advance

Renuka

kamlesh_vaghela · ‎05-06-2021

@renuka

You can try something like this.

<search id="base_query_filter">
          <query>
            Index=a,sourcetype=x,eval y=A+B
        </query>
        </search>

        <search base="base_query_filter" id="base_query">
        <query>
        join type =inner max=0(index=b,sourtype=y)</query>
        </search>

View solution in original post

kamlesh_vaghela · ‎05-06-2021

@renuka

You can try something like this.

<search id="base_query_filter">
          <query>
            Index=a,sourcetype=x,eval y=A+B
        </query>
        </search>

        <search base="base_query_filter" id="base_query">
        <query>
        join type =inner max=0(index=b,sourtype=y)</query>
        </search>

renuka · ‎05-06-2021

@kamlesh_vaghela

Thank you so much

Can i write a base search in another base search

other

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk