Welcome to Splunk Searches!
SplunkSearches.com is a collection of Splunk searches, Splunk SPL tips and tricks, and Splunk search optimization techniques.
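Search Tip of the Week
Have you ever wondered how to send the results of one search into another search? The map command does exactly that: it runs the search given in its search argument once for each result row, replacing each $field$ token with that row's value for the field. Example: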
sourcetype=syslog sudo | stats count by user host | map search="search index=ad_summary username=$user$ type_logon=ad_last_logon"
Most Popular Searches: