My subsearch contains this predefined field, and I'm trying to use it to search my main search that gets the field using rex, but I get no results.
I've tried a few different things:
host=blah... [search...| table my_field] | rex field=_raw "...<my_field>..."
host=blah... |rex field=_raw "...<my_field>..." | regex [search... | table my_field]
host=blah... | rex field=_raw "...<my_field>..." | regex my_field=[search...| table my_field]
Try this
host=blah... | rex field=_raw "...<my_field>..." | search [search... | table my_field ]
Try this
host=blah... | rex field=_raw "...<my_field>..." | search [search... | table my_field ]
so simple. thanks!