Splunk Search

How can I inject all rex field events from 1st search to 2nd search?

mikeyty07
Communicator

I am planning to build a dashboard where all the extracted traceId # are collected and injected into another search criteria, where only the extracted traceId # from the 1st search is passed to the 2nd search and have results: total count for the 1st search and total count for the second search only with those regex traceId.

I used the drop-down and used regex, but when passing the token, I'm selecting all the traceId where it passes as * in the second search, which is searching all, not from the 1st search.

Is there a way to inject the 1st searched traceId to the 2nd search?

0 Karma

ITWhisperer
SplunkTrust

Please can you provide more details on what you have so far as your description is a little vague and confusing?

0 Karma

mikeyty07
Communicator

I want to trace logs for a specific API that runs in sequence for a specific transaction.
Like api/search/brand --> api/buy/gucci --> api/gucci/custom --> api/purchased, and these logs have one field in common, TrackingID. Is there a way to get all these log events in a table for total count of the api searched for api/search/clothes and the TrackingID from the first api to the second api/buy/gucci total count and so on?

2023-05-11T15:06:14 TrackingID =abcdgucci123 duration=600 uri="/api/search/brand" source=xyz

2023-05-11T15:06:15 TrackingID =abcdgucci123 duration=500 uri="/api/buy/gucci" source=brb

2023-05-11T15:06:16 TrackingID =abcdgucci123 duration=500 uri="/api/gucci/custom" source=idk

2023-05-11T15:06:17 TrackingID =abcdgucci123 duration=500 uri="/api/purchased" source=abc

This is just an example of logs; there would be hundreds of these logs. Is there a way to get a count of all api in a table for the count of api called and so on through the TrackingID to the next api being called?

0 Karma

ITWhisperer
SplunkTrust

Do you mean

| stats count by TrackingID uri
0 Karma
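
The per-step count the question asks for, worked through outside Splunk as an added example (not code from the thread or from Splunk): each TrackingID is counted at a step only if it was also seen at every earlier step. The sample lines are constructed from the ones quoted above plus one made-up TrackingID, the step order is taken from the question, and a step is matched by presence of the uri, not by timestamp order.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines are the ones quoted in the thread;
# the last two use a made-up TrackingID that stops after the second call.
SAMPLE_LOGS = """\
2023-05-11T15:06:14 TrackingID =abcdgucci123 duration=600 uri="/api/search/brand" source=xyz
2023-05-11T15:06:15 TrackingID =abcdgucci123 duration=500 uri="/api/buy/gucci" source=brb
2023-05-11T15:06:16 TrackingID =abcdgucci123 duration=500 uri="/api/gucci/custom" source=idk
2023-05-11T15:06:17 TrackingID =abcdgucci123 duration=500 uri="/api/purchased" source=abc
2023-05-11T15:07:01 TrackingID =constructed456 duration=410 uri="/api/search/brand" source=xyz
2023-05-11T15:07:02 TrackingID =constructed456 duration=380 uri="/api/buy/gucci" source=brb
"""

# Call order as described in the question (assumed to be fixed).
STEPS = ["/api/search/brand", "/api/buy/gucci", "/api/gucci/custom", "/api/purchased"]

# The sample has a space before "=", so tolerate whitespace around it.
EVENT_RE = re.compile(r'TrackingID\s*=\s*(?P<tid>\S+).*?\buri="(?P<uri>[^"]+)"')


def uris_by_tracking_id(lines):
    """Map each TrackingID to the set of URIs logged under it."""
    seen = defaultdict(set)
    for line in lines:
        m = EVENT_RE.search(line)
        if m:  # skip lines that carry no TrackingID/uri pair
            seen[m.group("tid")].add(m.group("uri"))
    return seen


def funnel(lines, steps=STEPS):
    """Per step, count TrackingIDs seen at that step and at every earlier one."""
    seen = uris_by_tracking_id(lines)
    alive = set(seen)
    counts = []
    for step in steps:
        # Only IDs that survived all previous steps can be counted here.
        alive = {tid for tid in alive if step in seen[tid]}
        counts.append((step, len(alive)))
    return counts


if __name__ == "__main__":
    for step, n in funnel(SAMPLE_LOGS.splitlines()):
        print(f"{n:5d}  {step}")
```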