Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Subsearch Not Filtering Results

jcullins21
New Member
‎06-13-2018 05:05 AM

I am trying to pull a list of filtered IPs from one index and then use that list as a reference to see external traffic from another index. When I run the subsearch command alone it works perfectly and gives me the list I desired. But when I throw the outer search in the mix it gives me all the IP addresses associated with "that_place" and nothing is filtered.

Index= two sourcetype=two dest_ip!=22.*
[ search index=one sourcetype=one
os_type="Thing_1" OR os_type="Thing_2" OR os_type="Thing_3"
NOT os_type!="Thing_4"
NOT os_description="Thing_5"
NOT os_description="Thing_6"
NOT os_hostname="Thing_7"
place="that_place" rename ip AS src | dedup src | table src]
| table src,dest_ip,dest_port,bytes_in,bytes_out

I'm pretty new to Splunk and I know there has to be a better way to complete a simple search across different indexes.

0 Karma
Reply

jcullins21
New Member
‎06-14-2018 12:36 AM

Sorry that was a typo. should read:

place="that_place" | rename ip AS src

0 Karma
Reply

sushantmhatre
Explorer
‎06-13-2018 02:16 PM

place="that_place" rename ip AS src

In your rename command, there is no leading pipe or its typo ?

Anyways I think better to move dedup in outer search

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...