SplunkSearches.com is a collection of Splunk searches, Splunk SPL tips and tricks, and Splunk search optimization techniques.
Search Tip of the Week
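Have you ever wondered how to send the results of one search into another
search? The map command does exactly that: it runs the search you give it once
for each result of the preceding search, replacing each $field$ token with that
result's value for the field.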
Example:
sourcetype=syslog sudo | stats count by user host | map search="search index=ad_summary username=$user$ type_logon=ad_last_logon"
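How the example above expands, as an added Python model (not code from the original page and not Splunk's implementation): map runs the secondary search once per input row, and its maxsearches option defaults to 10, so rows beyond the cap are not searched. The result rows are constructed sample data; expand_map and stats_count_by_user are hypothetical helper names, and raising on a missing field is a choice of this model.

```python
import re

TOKEN = re.compile(r"\$(\w+)\$")
TEMPLATE = "search index=ad_summary username=$user$ type_logon=ad_last_logon"

# Constructed sample rows, shaped like the output of `stats count by user host`.
ROWS = [{"user": u, "host": h, "count": c} for u, h, c in [
    ("alice", "db01", 2), ("alice", "web01", 4), ("alice", "web02", 1),
    ("bob", "db01", 1), ("bob", "web01", 7),
    ("carol", "db01", 1), ("carol", "db02", 5), ("carol", "web01", 3),
    ("carol", "web02", 2), ("dave", "web01", 1),
    ("erin", "web02", 2), ("frank", "db02", 6),
]]


def expand_map(rows, template, maxsearches=10):
    """Model of map: return (search strings that run, rows skipped by the cap)."""
    searches = []
    for row in rows[:maxsearches]:
        def fill(match, row=row):
            name = match.group(1)
            if name not in row:
                # Model choice (assumption): fail loudly on an unknown token.
                raise KeyError(f"no field {name!r} for token ${name}$")
            return str(row[name])
        searches.append(TOKEN.sub(fill, template))
    return searches, max(0, len(rows) - maxsearches)


def stats_count_by_user(rows):
    """Model of `stats count by user`: one row per user, sorted by user."""
    totals = {}
    for row in rows:
        totals[row["user"]] = totals.get(row["user"], 0) + row["count"]
    return [{"user": u, "count": c} for u, c in sorted(totals.items())]


if __name__ == "__main__":
    for label, rows in (("by user host", ROWS),
                        ("by user", stats_count_by_user(ROWS))):
        ran, skipped = expand_map(rows, TEMPLATE)
        print(f"{label}: {len(ran)} searches run, "
              f"{len(set(ran))} distinct, {skipped} rows skipped")
```

Because the input is grouped by user and host, the same AD lookup runs once for every host a user appears on, and the last users fall past the cap. Grouping by user alone before map removes the duplicates and, for this sample, keeps the row count under the default limit.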