×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
johntaddei
New Member
Member since: ‎05-11-2011
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-11-2011
View All

Take output of one search and use to create a tabl...

by in Splunk Search
‎07-06-2015 12:14 PM
‎07-06-2015 12:14 PM
Hi - email guy here... I need to query message headers that meet a criteria, then use the returned QueueIDs to run a second search that produces a table of information. Jul 6 14:41:55 blah.com sm-mta[2048]: t66Ifbqe002048: Milter insert (2147483646): header: X-IBE-Encrypted-Signer-District: blah.com host = mailserver.blah index = mail source = /var/log/maillog sourcetype = mail 7/6/15 2:35:45.000 PM Jul 6 14:35:45 blah2.com sm-mta[28881]: t66IZiJ6028881: Milter insert (2147483646): header: X-IBE-Encrypted-Signer-District: blah2.com host = mailserver.blah2.com index = mail source = /var/log/maillog sourcetype = mail The above t66 values should be the input to a second query that gets me the message information like "To: From:", etc. I would like a chart that shows: Domain Name To: From: blah.com john.doe@somedomain.com user1@blah.com blah2.com jane.doe@otherdomain.com newuser@blah2.com ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM