We are needing to do a search on "Text 1", then we take a dynamic value that's displayed there and do another search on that....then within those results we are looking for a log that contains "User: xxx".
Is there a way to combine this so that we can do just one search and find the one result?
Thanks!
Yes, you use a subsearch
for the first search and within that subsearch you use rex
to reate the dynamic field with value which will be passed to the outer search which has User=xxx
:
https://docs.splunk.com/Documentation/Splunk/6.6.1/SearchTutorial/Useasubsearch
http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/SearchReference/Rex
Yes, you use a subsearch
for the first search and within that subsearch you use rex
to reate the dynamic field with value which will be passed to the outer search which has User=xxx
:
https://docs.splunk.com/Documentation/Splunk/6.6.1/SearchTutorial/Useasubsearch
http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/SearchReference/Rex