How to use the result from one function into anoth...

splunkymage · ‎08-31-2021

Hello all, I need help with this :((
How to use derivatives of 1st function results into the 2nd function in splunk? Please see the example below:

1st function: for instance, from the first eval, i got the names of the top 100 sold fruits and their respective companies.

2nd function: From this top 100 fruits, I would like to then, search for the fruits import-export countries (ie the export country (origin) and imported (destination) country). Each of the fruits may have more than 1 set of export-import. How do I go about doing it? What's the syntax to get the top 100 fruits into the second function? Any guidance appreciated

ITWhisperer · ‎08-31-2021

You can use the results of one search to filter the results of another search

search 2 [search 1]

Search 1 would return the import/ export countries of the top 100 selling fruits, which are then used as part of the filter for search 2. In search 1 you can sort then truncate the results using head 100.

How to use the result from one function into another function

field extraction

fields

metadata

search job inspector

New Year. New Skills. New Course Releases from Splunk Education

Splunk and TLS: It doesn't have to be too hard

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Join the Conversation