×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
juanian
Engager
Member since: ‎08-02-2012
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎08-02-2012
Topics I've Started
No posts to display.
View All

Re: Can a subsearch return only the value (without...

by in Splunk Search
‎08-02-2012 07:23 PM
1 Karma
‎08-02-2012 07:23 PM
1 Karma
One more tidbit. I was having a problem with my multi-result subsearch only returning one value (to the main search) when I used the fieldname search. On a lark, I happened to try using the fieldname query (instead of search), and then my subsearch returned more than one value. I've tried and tried to find the difference between search and query mentioned in the documentation somewhere, but (so far) I've not had any luck. (Heck, the documentation for "format" doesn't even mention that it does anything special with fields named search or query - isn't that where it should be mentioned? There is that partial sentence (in the above answer and in the How Subsearches Work section) that says "Multiple results will return" - maybe that sentence was also supposed to mention the use of the fieldname query?) Sorry - I've only been using Splunk for about a week, so I'm just in the learning phase at the moment. So far, I like Splunk - figuring out how to make use of its power has been the challenging part 🙂 . ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All