I have 2 Splunk SPLs ===================== index=computer_admin source=admin_priv sourcetype=prive:db account_name=admin earliest=-1d | fields comp_name,comp_role,account_name,local_gp,gp_name | ...
See more...
I have 2 Splunk SPLs ===================== index=computer_admin source=admin_priv sourcetype=prive:db account_name=admin earliest=-1d | fields comp_name,comp_role,account_name,local_gp,gp_name | table comp_name,comp_role,account_name,local_gp,gp_name ===================== The comp_name fields has values such as , AAAAA, BBBBB, CCCCC, AFSGSH, GFDFDF, IUYTE, HGFDJ, ZZZZZ, YYYYYY, IIIIII, EEEEEE Basically I am looking for all the comp_names that the admin is on and copying the list to use in another SPL to get the comp owners. Second SPL : =================== index=computer_admin source=emp_card_details sourcetype="something:db" C_NAME IN (AAAAA, BBBBB, CCCCC, AFSGSH, GFDFDF, IUYTE, HGFDJ, ZZZZZ, YYYYYY, IIIIII, EEEEEE) | eval arl=lower(C_NAME) | stats values(asset_owner) by arl =================== Can we use subsearch or any thing similar to get it done in on SPL ? Any assistance ?