I am trying to create a search that gets the top value of a search and saves it to a variable:
| eval top=[| eval MB_in=bytes_in/1024/1024 | stats sum(MB_in) by c_ip | rename sum(MB_in) as "T...
...ield2
| rename field1 AS query
```| rename field2 AS query```
] Below post only renames one field as query. https://community.splunk.com/t5/Splunk-Search/How-to-use-subsearch-w...
...ime) I am trying to use the start and stop time for an appended subsearch on other data/subsearch (by append or appendcols or whatever...)
rtime,start,stop
"2023-07-02",0,0
"2...
Hi All,
I am trying to correlate 2 different search queries using where with subsearch
it goes like this:
host="host1" | table Value1
above search gives result: 40
host="host2" | where V...
...he following:
eval ResponseSize=eventcount * 4
The 4mb might change so there is another place in the log file that prints what that size is.
Can I do a subsearch to pull this number and use...
I have logs being stored in json that show accounts being given access to data. I need to validate that the accts are valid. I am trying to run a subsearch that will get the list of accounts(use...
I have a first search that returns "system1"
Then I want to use that value to get the appropriate value out of a subsearch timechart:
first result:
system
system1
second r...
Hi, would you mind helping with this? I have been working for days to figure out how I can pass a lookup file subsearch as a "like" condition in the main search, something like: Two examples: 1) ...
Hi everyone,
I want to make a search that could give me the same result as the SQL query
select id_product from products where price = (
select max(price) from products )
thank you
I'd like to prevent code / search syntax duplication, but oftentimes I want to use the results of a saved search as the query for a bigger search. Is there a way to call an existing s...