Is it possible to use the result value of a subsearch as a fulltext (or wildcard) search in the outer search. I have a subsearch like this:
servertype=abc "some search terms" | fields correlation_id
and now I want to use the resulting correlation ids to find other entries, but these entries do not have a dedicated correlation_id field, it is just somewhere inside the text, so this is not working
servertype=xyz "some other seach terms" [search servertype=abc "some search key" | fields correlation_id]
because splunk is searching for a correlation_id field, which does not exist.
This is a very simplified example, but I hope you get my problem.
... View more