cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Dakxh
Explorer
Member since: ‎03-11-2018
‎02-12-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎03-11-2018
Activity Feed
View All

Re: Pass parent search field value to a subsearch

by in Splunk Search
‎03-11-2018 09:54 PM
‎03-11-2018 09:54 PM
Thank you !! i removed "| return Image_Path" - now i got what i need !!! ... View more

Re: Pass parent search field value to a subsearch

by in Splunk Search
‎03-11-2018 09:18 PM
‎03-11-2018 09:18 PM
Thanks a lot, index=risk Image_Path=C:\windows\hosts.exe | dedup Image_Path | return Image_Path "| return Image_path " creating new field "search" with value Image_Path="C:\windows\hosts.exe" but we don't have field search in index=endpoint ? here field name is Image_Path and value is C:\windows\hosts.exe alone any help on this. ... View more

Pass parent search field value to a subsearch

by in Splunk Search
‎03-11-2018 07:17 AM
‎03-11-2018 07:17 AM
Hi, I want to know if there is a way to pass parent search field value as source/input for sub-search for a different sourcetype and then stats its field. e.g) we have an index=risk and the field value extracted from there is Image_Path=C:\windows\hosts.exe and one more index=endpoint which shares common field Image_Path and another field MD5 with different time period. So i need to extract Image_Path value from the index=risk and then it needs to chained to sub-search with index=endpoint + extracted field value | then it needs to be stats Values(Image_Path) by MD5. Can this be done ? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-12-2021 01:49 AM
Karma given to
View All