How to use the result from one function into anoth...

splunkymage · ‎08-31-2021

Hello all, I need help with this :((
How to use derivatives of 1st function results into the 2nd function in splunk? Please see the example below:

1st function: for instance, from the first eval, i got the names of the top 100 sold fruits and their respective companies.

2nd function: From this top 100 fruits, I would like to then, search for the fruits import-export countries (ie the export country (origin) and imported (destination) country). Each of the fruits may have more than 1 set of export-import. How do I go about doing it? What's the syntax to get the top 100 fruits into the second function? Any guidance appreciated

ITWhisperer · ‎08-31-2021

You can use the results of one search to filter the results of another search

search 2 [search 1]

Search 1 would return the import/ export countries of the top 100 selling fruits, which are then used as part of the filter for search 2. In search 1 you can sort then truncate the results using head 100.

How to use the result from one function into another function

field extraction

fields

metadata

search job inspector

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation