Splunk Search

Need to pipe values with out using sub search

splunknewbie05
Explorer

I have a search that returns values using stats command which needs to be piped to do another search

index=myindex1 sourcetype=“source1” mymessage=“Helloworld” | stats values(id) as ID

Assuming that ID now contains all unique id values

Now I need to use these ID values and perform another search in a different source type. Is it possible to do this with out having to use sub search

Lets say the following query gives id values as 1, 2, 5, 6, 7.

index=myindex1 sourcetype=“source1” mymessage=“Helloworld” | stats values(id) as ID

Now I need to do search search for mymessage=“Foo” in sourcetype=“source2” where values in (1,2,5,6,7)

How can we do this with out using sub search?

0 Karma

splunknewbie05
Explorer

I didn't quite get the article. Can you explain how i can achieve in the examples I asked for?

0 Karma

ramdaspr
Contributor

Refer to this post

0 Karma

splunknewbie05
Explorer

I didn't quite get the article. Can you explain how i can achieve in the examples I asked for?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...