- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Is there a way to use post process searching for a...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I have a subsearch that is the same in a couple panels and their searches, but I've been looking for a way to do that subsearch once and call those results into those panels.
I've only come across post process searching that seems to be in the right direction, but from all the examples I've seen, it doesn't allow you to use those results as a subsearch, but only as the basis search or front end of the search.
Is there a way to have a similar post process searching except for a subsearch statement?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm just gonna bite the bullet and learn advanced xml to use sideview result setter module. It will also open up the opportunity to use different functions that aren't accessible in simple xml.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm just gonna bite the bullet and learn advanced xml to use sideview result setter module. It will also open up the opportunity to use different functions that aren't accessible in simple xml.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ask yourself a different question: Why do you need to run a subsearch? Usually you can avoid subsearches if you approach your goal in a different way.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The thing is, I was kind of looking for a way to use post process searching in a backway of storing a result and using it in multiple searches. For example, I have a user input network ID and I have a macro that generates their ip address. From this ip address, I am running multiple searches. Instead of having to run the macro for each search, I was looking for a way to run it once and store the result to use in the other searches. It seems the most widely used solution for this issue is just using advanced xml with sideview and using their result value setter module.
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
Updated Team Landing Page in Splunk Observability
