×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
silence09
Engager
Member since: ‎05-18-2023
‎05-19-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎05-18-2023
View All

Re: search based on embedded search and partial st...

by SplunkTrust in Splunk Search
‎05-19-2023 03:28 AM
1 Karma
‎05-19-2023 03:28 AM
1 Karma
Since you didn't provide details of your actual searches, I will use a dummy example. index=foo sourcetype=bar "search text" [search index=bar sourcetype=foo "search string 2" | eval extendedproductcode = "*".productcode | dedup extendedproductcode | table extendedproductcode] This effectively equates to  index=foo sourcetype=bar "search text" ( extendedproducttype="*5556" OR extendedproducttype="*5557" ) SPL is not SQL - it processes a stream of events in a pipeline - each command in the pipeline processes events from the previous command and passes events on to the next command - with subsearches (the command pipeline in square brackets []), the subsearch is processed first so that the result can be used by the outer search ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-19-2023 02:49 AM
Karma given to
View All