Hi everyone, my post is huge. Sorry for that. I need a suggestion from you for the query I framed. I have 2 lookups used (lookfileA, lookfileB) column: BaseA > count by division in lookupfileA c...
Anything wrong with this join and subsearch? I know there are events which should match based on the 'cs_host' field. Not sure if the rename is confusing things, or my syntax is off slightly.
i...
I am trying to run a query like below but I am limited to 10000 subsearch results. Is there a way to make this query run for more than 10000 subsearch results? search index="sample_index" "Kuber...
...o apply subsearch logic to get failed savedsearch_name and scheduled_time. I can pass savedsearch_name but not the scheduled_time. So my idea is I need to run a first query to take failed s...
...oreach since the metric I want to calculate involves streaming commands. Foreach does not support that. - I think I can't use a subsearch since it is executed first where the top servers are not known y...
...equested_cpus, SUM(reserved_ram) as reserved_ram, SUM(requested_ram) as requested_ram, SUM(used_ram) as used_ram, SUM(compute_ram_total) as compute_ram_total, count as agg_field_seen WHERE (index=monitor (h...
Hi All,
I am trying to correlate 2 different search queries using where with subsearch.
It goes like this:
host="host1" | table Value1
The above search gives the result: 40
host="host2" | where V...
...his'll require a subsearch because it uses search results from one host to filter results on another host. But I do not know where to start to create a query like this.
Have a search that returns emails of interest (possibly malicious). Trying to add a subsearch that will return a count of how many times each sender address has been seen in the last 30 days (r...