Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Saved "search components"?

jcfergus
Engager
‎11-08-2011 07:32 AM

From what I've been reading, I don't see that this is possible, but... Is there any way to create a saved search that is really just designed to be used as a component of another search?

For example, I'd like to be able to create a saved search called "field_filter", which simply contains:

|fields myfield1, myfield2, myfield3

(It would really be a much longer list of fields.) I'd then like to be able to pipe any other search through that filter. The obvious mechanisim would have been to use |savedsearch field_filter at the end of my primary search, but that doesn't work ("savedsearch must be the first item in a search"). Is this possible?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

RicoSuave
Builder
‎11-08-2011 07:42 AM

You could do this with a macro. Take a look at the docs. Your search would then be something like my search | 'yourmacro'

View solution in original post

Reply
Solved! Jump to solution
Solution

RicoSuave
Builder
‎11-08-2011 07:42 AM

You could do this with a macro. Take a look at the docs. Your search would then be something like my search | 'yourmacro'

Reply
Solved! Jump to solution

jcfergus
Engager
‎11-08-2011 07:58 AM

Ah, well, that's annoyingly obvious now that I know the right terminology. sighs Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...