...34b7b96-094d-45bb-b03d-f9c98a4efd5f …that I then want to useas input for another search on the same index I looked at manual and can see that subsearches are allowed [About subsearches - Splunk D...
Hello, I would like to useasubsearch to literally paste a command into the SPL e.g.: | makeresults
[| makeresults
| eval test="|eval t1 = \"hello\""
| return $test] &n...
I am trying to do a search to get all of the POID values and then use them in a 2nd search to see if they appear anywhere. How can I accomplish this? index=aws_esf_prod sourcetype="aws:/a...
Hello, I am trying to useasubsearch in order to create a dashboard, but being the subsearches have limitations it is timing out and not producing results. I know the code works when I shorten t...
Hi,
I have a search query which returns multiple values. For example, the search query returns abc, def, ghi.
I need to take this as input and i need to perform a search of these values. T...
Have a search that returns emails of interest (possibly malicious). Trying to add asubsearch that will return a count of how many times each sender address has been seen in the last 30 days (r...
...oreach since the metric I want to calculate involves streaming commands. Foreach does not support that. - I think I can't useasubsearch since it is executed first where the top servers are not known y...
In one of the search strings, I have an event from which i extract the correlation ids and in turn want to search through there correlation ids to get an event which has a text in from of the c...
Hi Splunk friends, looking for some help in this use case
i'm trying to use results from asubsearch to feed a search, however;
1) subsearch is results of a regex pull
2) i would like the r...