Hello, splunk community.
I tried to exec subsearch command for adding search condition of "main" search.
Datas of target of subsearch have single field named nameOfFruit.
... and so on
I wrote search command like this,
index=main [search index=sub | return nameOfFruit]
but it didn't work yet.
How should i write?
or can't i do this?
Of course, before i ask this question, I found related articles below.
but any answer of these question didn't work well.
[How to return raw data results from subsearch query?]
[Appending search results with subsearch fields.]
[Filter search results based on return value of subsearch]
[return command - exit (or return known value) if no results found]
Thanks in advance for your reply.
I tried the command suggested in your answer.
but, it didn't work.
I confirmed the command below worked well.
index=sub | table nameOfFruit
However, the commands below didn't work well...
#empty result was returned.
index=main [search index=sub | table nameOfFruit] [search index=sub | table nameOfFruit]
Thank you for your comment.
I tried your suggestion, then the command seemed to work well.
so... I might bark on the wrong tree.
Actually, This problem is just that result of main search command(including search condition of "sub" search result) return empty.
I'm sorry for trouble you.