Is there a way to use post process searching for a subsearch instead of tacking it onto the front of subsequent searches as per norm?

kkas
Path Finder

So I have a subsearch that is the same in a couple panels and their searches, but I've been looking for a way to do that subsearch once and call those results into those panels.
I've only come across post process searching that seems to be in the right direction, but from all the examples I've seen, it doesn't allow you to use those results as a subsearch, but only as the basis search or front end of the search.

Is there a way to have a similar post process searching except for a subsearch statement?

0 Karma

kkas
Path Finder

I'm just gonna bite the bullet and learn Advanced XML to use the Sideview result setter module. It will also open up the opportunity to use different functions that aren't accessible in Simple XML.

0 Karma

MuS
SplunkTrust
SplunkTrust

Ask yourself a different question: Why do you need to run a subsearch? Usually you can avoid subsearches if you approach your goal in a different way.

0 Karma

kkas
Path Finder

The thing is, I was kind of looking for a way to use post-process searching as a back way of storing a result and using it in multiple searches. For example, I have a user-input network ID and I have a macro that generates their IP address. From this IP address, I am running multiple searches. Instead of having to run the macro for each search, I was looking for a way to run it once and store the result to use in the other searches. It seems the most widely used solution for this issue is just using Advanced XML with Sideview and using their result value setter module.

0 Karma
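
For dashboards that stay on Simple XML, a search's `<done>` handler can copy a field from its first result row into a token that other panel searches then use, which covers the run-once-and-reuse case described in the thread. This is an added example, not code from any poster and not the Sideview module; the macro name `get_ip_for_netid`, the `ip` field it is assumed to return, and the index and field names in the panels are all hypothetical.

```xml
<form>
  <label>Lookups by network ID (constructed example)</label>
  <fieldset submitButton="true">
    <input type="text" token="netid">
      <label>Network ID</label>
    </input>
  </fieldset>

  <!-- Runs once per submitted network ID. The |s filter quotes and escapes
       the user input before it reaches the search string.
       Assumption: the macro is generating and returns a field named ip. -->
  <search id="resolve_ip">
    <query>`get_ip_for_netid($netid|s$)` | head 1 | table ip</query>
    <done>
      <!-- No row returned: clear the token so dependent panels stay hidden -->
      <condition match="'job.resultCount' == 0">
        <unset token="ip"></unset>
      </condition>
      <!-- Otherwise store the ip field of the first result row -->
      <condition>
        <set token="ip">$result.ip$</set>
      </condition>
    </done>
  </search>

  <row>
    <!-- Both panels wait for $ip$ and reuse it without rerunning the macro -->
    <panel depends="$ip$">
      <title>Firewall events for $ip$</title>
      <table>
        <search>
          <query>index=firewall src_ip=$ip|s$ | stats count by dest_ip</query>
        </search>
      </table>
    </panel>
    <panel depends="$ip$">
      <title>Proxy requests for $ip$</title>
      <table>
        <search>
          <query>index=proxy clientip=$ip|s$ | stats count by url</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```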