Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I inject all rex field events from 1st search to 2nd search?

mikeyty07
Communicator
‎05-10-2023 07:59 AM

I am planning to build a dashboard where all the extracted traceId # are collected and injected to another search criteria where only the extracted traceId # from 1st search is passed to 2nd search and have a results, total count for the 1st search and total count for second search only with those regex traceId.

I used the drop down and used regex but when passing the token, I.m selecting all the traceId where it passes as * in second search which is searching all not from the 1st search.

is there a way to inject the 1st searched traceId to 2nd search ? 

Labels (5)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-10-2023 08:46 AM

Please can you provide more details on what you have so far as your description is a little vague and confusing?

0 Karma
Reply

mikeyty07
Communicator
‎05-11-2023 08:36 AM

i want to trace logs for specific api that runs in sequence for specific transsaction.
like  api/search/brand--> api/buy/gucci --> api/gucci/custom -->api/purchased. and these logs have one field in common TrackingID. Is there a way to get all these logs events in table for total count of the api searched for api/search/clothes and the TrackingID from the first api to the second  api/buy/gucci total count and so on.

2023-05-11T15:06:14 TrackingID =abcdgucci123 duration=600 uri="/api/search/brand" source=xyz

2023-05-11T15:06:15 TrackingID =abcdgucci123 duration=500 uri="/api/buy/gucci" source=brb

2023-05-11T15:06:16 TrackingID =abcdgucci123 duration=500 uri="/api/gucci/custom" source=idk

2023-05-11T15:06:17 TrackingID =abcdgucci123 duration=500 uri="/api/purchased" source=abc

this is just an example of logs there would be hunderds of these logs. Is there a way to get count of all api in table for the count of api called and so on through the TrackingID to the next api being called?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-11-2023 08:51 AM

Do you mean

| stats count by TrackingID uri
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...