Splunk Search

How to pass multiple search fields into a new search with AND/OR conditions?


Hi, I currently have a search that results in multiple fields, and I wish to pipe those values into a new search that matches some AND/OR condition. How can I do this?

Index A search result:

A1  | B1 | C1 | D1
              | D2

It will then search index B and should only show results that match (A1 and B1 and D1) OR (A1 and B1 and D2)
