How to use the result from one function into anoth...

splunkymage · ‎08-31-2021

Hello all, I need help with this :((
How to use derivatives of 1st function results into the 2nd function in splunk? Please see the example below:

1st function: for instance, from the first eval, i got the names of the top 100 sold fruits and their respective companies.

2nd function: From this top 100 fruits, I would like to then, search for the fruits import-export countries (ie the export country (origin) and imported (destination) country). Each of the fruits may have more than 1 set of export-import. How do I go about doing it? What's the syntax to get the top 100 fruits into the second function? Any guidance appreciated

ITWhisperer · ‎08-31-2021

You can use the results of one search to filter the results of another search

search 2 [search 1]

Search 1 would return the import/ export countries of the top 100 selling fruits, which are then used as part of the filter for search 2. In search 1 you can sort then truncate the results using head 100.

How to use the result from one function into another function

field extraction

fields

metadata

search job inspector

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

AI for AppInspect

Join the Conversation