Need to pipe values with out using sub search

splunknewbie05 · ‎05-04-2015

I have a search that returns values using stats command which needs to be piped to do another search

index=myindex1 sourcetype=“source1” mymessage=“Helloworld” | stats values(id) as ID

Assuming that ID now contains all unique id values

Now I need to use these ID values and perform another search in a different source type. Is it possible to do this with out having to use sub search

Lets say the following query gives id values as 1, 2, 5, 6, 7.

index=myindex1 sourcetype=“source1” mymessage=“Helloworld” | stats values(id) as ID

Now I need to do search search for mymessage=“Foo” in sourcetype=“source2” where values in (1,2,5,6,7)

How can we do this with out using sub search?

splunknewbie05 · ‎05-04-2015

I didn't quite get the article. Can you explain how i can achieve in the examples I asked for?

ramdaspr · ‎05-04-2015

Refer to this post

splunknewbie05 · ‎05-04-2015

I didn't quite get the article. Can you explain how i can achieve in the examples I asked for?

Are you a member of the Splunk Community?