I tried to use the value of main search regex in subsearch rex .
Main search |rex "(?regular expression)"|append [search |rex "(?$val)"] Main search |rex "(?regular expression)"|append [search |rex "(?regular expression)"]|search val=va1
both are not working. Please suggest what to do.
You do this with the map command like this:
map
search to set val | rex "(?<val>RegExHere)" | map search="search $val"
Or reverse your logic like this:
search [search to set val | rex "(?<val>RegExHere)" | return $val]
You can't pass value from outer search to subsearch. What is your requirement here (samples/current query/expected output)?
