1) A subsearch is a search that is used to reduce the set of events from your result set.
2) The result of the subsearch is used as an argument to the primary or outer search.
3) Subsearches must be enclosed in square brackets and must start with a generating command (e.g. search, makeresults, etc.).

First, let me show you the data we are going to use to demonstrate the usage of "subsearches".

Here, we will use two indexes:
1) employee_info_main
2) employee_info_sub

From these two indexes, we are going to take a common field, i.e. "Employee_Name", which contains the names of some employees.

Please see the query below for the data in index "employee_info_main", which we will use as the "Primary Search".

index=employee_info_main | table Employee_Name | dedup Employee_Name

As you can see, the field "Employee_Name" contains the names of 5 employees.

Please see the query below for the data in index "employee_info_sub", which we will use as the "subsearch".

index=employee_info_sub | table Employee_Name | dedup Employee_Name

As you can see, the field "Employee_Name" contains the names of 3 employees.

Now, if you want to search for the values of the "Employee_Name" field of the 2nd index, i.e. "employee_info_sub", inside the 1st index, i.e. "employee_info_main", you can use a subsearch to do that.

So, let's see.

Example: 1

index=employee_info_main | table Employee_Name | dedup Employee_Name | search
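
A self-contained version of this pattern, added here as an example and not taken from the original post: both name lists are built with makeresults instead of the two indexes, and the employee names are constructed sample values, so it runs on a Splunk instance that does not have the employee_info_* data. The outer search produces five names, the bracketed subsearch produces three, and only the names present in both lists are returned.

```spl
| makeresults
| eval Employee_Name=split("Asha,Bruno,Chen,Dara,Elif", ",")
| mvexpand Employee_Name
| table Employee_Name
| dedup Employee_Name
| search
    [| makeresults
     | eval Employee_Name=split("Bruno,Dara,Farid", ",")
     | mvexpand Employee_Name
     | table Employee_Name
     | dedup Employee_Name ]
```

Running the bracketed part on its own with `| format` appended shows the OR-joined `Employee_Name="..."` filter string that the outer search receives as its argument.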