Search Tip of the Week

Have you ever wondered how to send the results of one search into another search? By using the map command you can achieve exactly that. Example: sourcetype=syslog sudo | stats count by user host | map search="search index=ad_summary username=$user$ type_logon=ad_last_logon"