Hi All,
I am looking for a query which will accept multiple value subsearch output as a input of main serach, See below :
index=myIndex UniqueReqId in [ search index=myIndex MyLogger | dedup UniqueReqId | stats count(UniqueReqId) as "Total user" by UniqueReqId ]
This sub search "search index=myIndex MyLogger | dedup UniqueReqId | stats count(UniqueReqId) as "Total user" by UniqueReqId" will return multiple value like below :
UniqueReqId Total user
002cc2c7-b1e4-49de-bbd3-caa6c2e741e3 1
00426627-98cf-4dd5-97b6-af4cde045286 1
00567c49-5638-4a0c-a803-04d0b3662aac 1
006ef351-33b8-40ed-b320-28473ea1f481 1
00caf75c-deed-4581-ab5a-04929b1a943d 1
00ff69ef-d57c-43ad-9b64-38cf39b94f6f 1
01395957-648b-4e9a-ac76-7fa68f833fce 1
01e82329-3d58-4d11-bdca-88100a2dc85c 1
02084578-869a-4ce5-bc20-b86c3fea34d2 1
021272cb-c043-483f-8512-244210471c63 1
02191c34-b485-4a6d-9d77-53f0a8e7875c 1
0228ff59-27f8-47e1-a38f-88acdb94fb22 1
028177b6-f2f3-4c53-948e-558d51287d43 1
02be90c8-5737-4f89-a204-2a3ea5f79047 1
02df9ecb-29bf-4aad-b479-26fde9b6ca94 1
02e2ef7f-ea55-4311-b724-c06fe5ab416d 1
02e7bacd-4579-44c6-b4c2-be0a4fbf4566 1
02eb4faa-39c1-431d-9590-a1fabc7eecd8 1
031229db-d4ef-4783-b649-9a1e738d495a 1
03216368-6d8e-42e9-8fb1-e2ace7794f4c 1
Now whatever the value we are getting in column UniqueReqId, we need to use each value one by one to the main query in UniqueReqId=EachValue.
Like Sample example :
index=myIndex UniqueReqId IN [002cc2c7-b1e4-49de-bbd3-caa6c2e741e3,00426627-98cf-4dd5-97b6-af4cde045286,00426627-98cf-4dd5-97b6-af4cde0452dsd,etc]
I searched a lot but did not get the solution for my requirement however got the solution for single value subsearch output as input for main search.
Thanks,
Wasim
... View more