Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Saved "search components"?

jcfergus
Engager
‎11-08-2011 07:32 AM

From what I've been reading, I don't see that this is possible, but... Is there any way to create a saved search that is really just designed to be used as a component of another search?

For example, I'd like to be able to create a saved search called "field_filter", which simply contains:

|fields myfield1, myfield2, myfield3

(It would really be a much longer list of fields.) I'd then like to be able to pipe any other search through that filter. The obvious mechanisim would have been to use |savedsearch field_filter at the end of my primary search, but that doesn't work ("savedsearch must be the first item in a search"). Is this possible?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

RicoSuave
Builder
‎11-08-2011 07:42 AM

You could do this with a macro. Take a look at the docs. Your search would then be something like my search | 'yourmacro'

View solution in original post

Reply
Solved! Jump to solution
Solution

RicoSuave
Builder
‎11-08-2011 07:42 AM

You could do this with a macro. Take a look at the docs. Your search would then be something like my search | 'yourmacro'

Reply
Solved! Jump to solution

jcfergus
Engager
‎11-08-2011 07:58 AM

Ah, well, that's annoyingly obvious now that I know the right terminology. sighs Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...