Splunk Search

Is there a way to use post process searching for a subsearch instead of tacking it onto the front of subsequent searches as per norm?

kkas
Path Finder

So I have a subsearch that is the same in a couple panels and their searches, but I've been looking for a way to do that subsearch once and call those results into those panels.
I've only come across post process searching that seems to be in the right direction, but from all the examples I've seen, it doesn't allow you to use those results as a subsearch, but only as the basis search or front end of the search.

Is there a way to have a similar post process searching except for a subsearch statement?

0 Karma

kkas
Path Finder

I'm just gonna bite the bullet and learn advanced XML to use the Sideview result setter module. It will also open up the opportunity to use different functions that aren't accessible in simple XML.

0 Karma

MuS
SplunkTrust

Ask yourself a different question: Why do you need to run a subsearch? Usually you can avoid subsearches if you approach your goal in a different way.

0 Karma

kkas
Path Finder

The thing is, I was kind of looking for a way to use post process searching as a back way of storing a result and using it in multiple searches. For example, I have a user input network ID and I have a macro that generates their IP address. From this IP address, I am running multiple searches. Instead of having to run the macro for each search, I was looking for a way to run it once and store the result to use in the other searches. It seems the most widely used solution for this issue is just using advanced XML with Sideview and using their result value setter module.

0 Karma
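The run-once-and-reuse pattern described in the last post can also be written with Simple XML search event handlers, as an added example that is not part of the original thread: one search resolves the IP, a `<done>` handler stores it in a token, and each panel reads the token. The macro `get_ip_for_id`, the field name `ip`, and the `firewall` and `proxy` indexes are hypothetical placeholders.

```xml
<form>
  <label>Network ID lookup (constructed example)</label>
  <fieldset submitButton="true">
    <input type="text" token="network_id">
      <label>Network ID</label>
    </input>
  </fieldset>

  <!-- Runs once per submitted network ID. get_ip_for_id is a hypothetical
       macro assumed to return one row with a field named ip. The |s token
       filter wraps the user-supplied value in quotes so it is passed as a
       single string rather than as raw search syntax. -->
  <search id="resolve_ip">
    <query>`get_ip_for_id($network_id|s$)` | head 1 | fields ip</query>
    <done>
      <!-- Store the first result's ip field for the panels below. -->
      <condition match="'job.resultCount' &gt; 0">
        <set token="user_ip">$result.ip$</set>
      </condition>
      <!-- No match: clear the token so stale results are not shown. -->
      <condition>
        <unset token="user_ip"></unset>
      </condition>
    </done>
  </search>

  <row>
    <!-- Panels stay hidden, and their searches wait, until user_ip is set. -->
    <panel depends="$user_ip$">
      <title>Firewall events for $user_ip$</title>
      <table>
        <search>
          <query>index=firewall src_ip=$user_ip|s$ | stats count by dest_ip, action</query>
        </search>
      </table>
    </panel>
    <panel depends="$user_ip$">
      <title>Proxy activity for $user_ip$</title>
      <chart>
        <search>
          <query>index=proxy src_ip=$user_ip|s$ | timechart count</query>
        </search>
      </chart>
    </panel>
  </row>
</form>
```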