Splunk subsearch for regex outputs












0















I want a single search query for below splunk query.



First search will give me a dynamic field myorderid



index=mylog "trigger.rule: Id - * : Unexpected System Error" | rex field=_raw "Id -""(?[^:]*)" | table myorderid



I want to pass the above myorderid in below search criteria



index=mylog API=Order orderid=myorderid



Can anyone please help me to create a single query using subsearch in splunk.






search splunk splunk-query







share|improve this question



























    0















    I want a single search query for below splunk query.



    First search will give me a dynamic field myorderid



    index=mylog "trigger.rule: Id - * : Unexpected System Error" | rex field=_raw "Id -""(?[^:]*)" | table myorderid



    I want to pass the above myorderid in below search criteria



    index=mylog API=Order orderid=myorderid



    Can anyone please help me to create a single query using subsearch in splunk.






    search splunk splunk-query







    share|improve this question

























      0












      0








      0








      I want a single search query for below splunk query.



      First search will give me a dynamic field myorderid



      index=mylog "trigger.rule: Id - * : Unexpected System Error" | rex field=_raw "Id -""(?[^:]*)" | table myorderid



      I want to pass the above myorderid in below search criteria



      index=mylog API=Order orderid=myorderid



      Can anyone please help me to create a single query using subsearch in splunk.






      search splunk splunk-query







      share|improve this question














      I want a single search query for below splunk query.



      First search will give me a dynamic field myorderid



      index=mylog "trigger.rule: Id - * : Unexpected System Error" | rex field=_raw "Id -""(?[^:]*)" | table myorderid



      I want to pass the above myorderid in below search criteria



      index=mylog API=Order orderid=myorderid



      Can anyone please help me to create a single query using subsearch in splunk.






      search splunk splunk-query




      search splunk splunk-query






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 23 '18 at 11:55









      Gaurav AgrahariGaurav Agrahari

      1




      1
























          1 Answer
          1






          active

          oldest

          votes


















          1














          Have you tried the obvious?



          index=mylog API=Order orderid=
          
[ search index=mylog "trigger.rule: Id - * : Unexpected System Error" 
          
    | rex "Id - (?<myorderid>[^:]*)" | fields myorderid ]





          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53446260%2fsplunk-subsearch-for-regex-outputs%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            Have you tried the obvious?



            index=mylog API=Order orderid=
            
[ search index=mylog "trigger.rule: Id - * : Unexpected System Error" 
            
    | rex "Id - (?<myorderid>[^:]*)" | fields myorderid ]





            share|improve this answer




























              1














              Have you tried the obvious?



              index=mylog API=Order orderid=
              
[ search index=mylog "trigger.rule: Id - * : Unexpected System Error" 
              
    | rex "Id - (?<myorderid>[^:]*)" | fields myorderid ]





              share|improve this answer


























                1












                1








                1







                Have you tried the obvious?



                index=mylog API=Order orderid=
                
[ search index=mylog "trigger.rule: Id - * : Unexpected System Error" 
                
    | rex "Id - (?<myorderid>[^:]*)" | fields myorderid ]





                share|improve this answer













                Have you tried the obvious?



                index=mylog API=Order orderid=
                
[ search index=mylog "trigger.rule: Id - * : Unexpected System Error" 
                
    | rex "Id - (?<myorderid>[^:]*)" | fields myorderid ]






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 23 '18 at 23:53









                RichGRichG

                7261410




                7261410






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53446260%2fsplunk-subsearch-for-regex-outputs%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Berounka

                    Image
                    Berounka.mw-parser-output .entete.map{background-image:url("//upload.wikimedia.org/wikipedia/commons/7/7a/Picto_infobox_map.png")} Caractéristiques Longueur 139  km Bassin 8 861  km 2 Bassin collecteur Elbe Débit moyen ? Cours Source Confluence de la Mže et de la Radbuza · Localisation Pilsen · Altitude 305  m · Coordonnées 49° 45′ 13″ N, 13° 23′ 24″ E Confluence Vltava · Localisation Prague · Altitude 187  m · Coordonnées 49° 59′ 43″ N, 14° 24′ 04″ E Géographie Pays traversés   République tchèque modifier   La Berounka est une rivière de la République tchèque. Elle porte le nom de Mže depuis sa source en Allemagne près de la frontière jusqu'à sa confluence avec la Radbuza à Plzeň. Elle continue ensuite sous le nom de Berounka jusqu'à sa confluence avec la Vltava, près de Prague. La rivière est une destination prisée pour les amateurs de canoë, qui appréc
                    Read more

                    Fiat S.p.A.

                    Image
                    Cet article court présente un sujet plus développé dans : Fiat et Fiat Chrysler Automobiles. Fiat S.p.A. Fiat S.p.A. ( Fabbrica Italiana Automobili Torino , acronyme FIAT) est un groupe, notamment connu comme société-mère du constructeur automobile italien, Fiat. Portail des entreprises Portail de Turin Portail de l’automobile This page is only for reference, If you need detailed information, please check here
                    Read more

                    Type 'String' is not a subtype of type 'int' of 'index'

                    Image
                    up vote 0 down vote favorite My App can authenticate successfully when debugging against the Android emulator, but if I try to authenticate using debugging against the physical device (with same OS version), an error message appears after more than one minute waiting: Exception has occurred. _TypeError (type 'String' is not a subtype of type 'int' of 'index') The error message points to the following code: if (responseJson[AuthUtils.authTokenKey] != null) { AuthUtils.insertDetails( userNameController.text, passwordController.text, responseJson); ... } else { ... }; And in the DEBUG CONSOLE I get the following: I/flutter ( 9531): Auth: SocketException: OS Error: Connection timed out, errno = 110, address = example.com, port = 3897
                    Read more