Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to read a return value

smolcj
Builder
‎11-05-2012 03:47 AM

hi,
if we are using a return command in a subsearch. how can we read the output of the search.
for ex:
if the search is like:
index=newindex source=filename.txt| return $PC_Rename |fields PC_Rename

how can we read the output of this search.PC_Rename consists of only one value , i just want t display the value in it.

please help 😞
thankyou for your time

Tags (1)
0 Karma
Reply

Ayn
Legend
‎11-05-2012 07:47 AM

Have a look at the format command. It lets you define in which format subsearch results are returned, so you can define a format that is suitable for using with eval for instance if you want to write the value to a variable that you then use for showing somewhere like a SingleValue module.

0 Karma
Reply

Ayn
Legend
‎11-06-2012 01:35 AM

Yes? What does the number of arguments have to do with it? I don't see how using format would not be the way forward.

0 Karma
Reply

smolcj
Builder
‎11-05-2012 09:22 PM

Thanks Ayn for your response, but when i look into format command, it needs 6 args, but i just want to read the value returned by my search in a variable and i want to display it in another dashboard or form using that variable. i am stuck with reading the returned value.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...