6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Splunk subsearch for regex outputs\",\"text\":\"

I want a single search query for below splunk query.

\\n\\n

First search will give me a dynamic field myorderid

\\n\\n

index=mylog \\\"trigger.rule: Id - * : Unexpected System Error\\\" | rex field=_raw \\\"Id -\\\"\\\"(?[^:]*)\\\" | table myorderid

\\n\\n

I want to pass the above myorderid in below search criteria

\\n\\n

index=mylog API=Order orderid=myorderid

\\n\\n

Can anyone please help me to create a single query using subsearch in splunk.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Gaurav Agrahari\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","search",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/search/1","children":"search"}]}],["$","span","splunk",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/splunk/1","children":"splunk"}]}],["$","span","splunk-query",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/splunk-query/1","children":"splunk-query"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://graph.facebook.com/10205214120510727/picture?type=large","alt":"Gaurav Agrahari","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/10695407/gaurav-agrahari","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Gaurav Agrahari"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",29]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Splunk subsearch for regex outputs"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I want a single search query for below splunk query.

\n\n

First search will give me a dynamic field myorderid

\n\n

index=mylog \"trigger.rule: Id - * : Unexpected System Error\" | rex field=_raw \"Id -\"\"(?[^:]*)\" | table myorderid

\n\n

I want to pass the above myorderid in below search criteria

\n\n

index=mylog API=Order orderid=myorderid

\n\n

Can anyone please help me to create a single query using subsearch in splunk.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",815]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","53454002",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7329ada983c4168e237301dcedf0054b?s=256&d=identicon&r=PG","alt":"RichG","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2227420/richg","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"RichG"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",9916]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Have you tried the obvious?

\n\n

index=mylog API=Order orderid=\n[ search index=mylog \"trigger.rule: Id - * : Unexpected System Error\" \n    | rex \"Id - (?<myorderid>[^:]*)\" | fields myorderid ]\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","73386907",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/73386907","className":"text-blue-600 hover:underline","children":"Not able to match the regex"}]}],["$","li","69994671",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/69994671","className":"text-blue-600 hover:underline","children":"REGEX not working- Filter the Splunk results"}]}],["$","li","66643257",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/66643257","className":"text-blue-600 hover:underline","children":"Splunk query not endswith"}]}],["$","li","64915269",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64915269","className":"text-blue-600 hover:underline","children":"Splunk: How to use multiple regular expressions in one query?"}]}],["$","li","64896757",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64896757","className":"text-blue-600 hover:underline","children":"Splunk: How to extract field directly in Search command using regular expressions?"}]}],["$","li","61914347",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/61914347","className":"text-blue-600 hover:underline","children":"Search over multiple lines regex"}]}],["$","li","56458027",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/56458027","className":"text-blue-600 hover:underline","children":"regex operator in Splunk is not working to match results"}]}],["$","li","34210410",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34210410","className":"text-blue-600 hover:underline","children":"RegEx in Splunk Search"}]}],["$","li","24826858",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24826858","className":"text-blue-600 hover:underline","children":"Splunk regex query returning no results"}]}],["$","li","24311689",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24311689","className":"text-blue-600 hover:underline","children":"How to ignore a specific sub-string from Splunk query"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Splunk subsearch for regex outputs

Answers (1)

Related Questions