I'm already 10 mins in and learned a lot. Subsearch was something I could never fully master even after a year of using Splunk, but thanks for the video packed full of info!
Thank you so much for the outstanding videos. I learned a lot from you. Thank you much!! Well explained and to the point. Any plans for releasing videos on Splunk Enterprise Security and ITSI? Thanks. All the best.
Thank you... The only thing stopping me from covering ITSI is that it's not free... And 7 days of sandbox is not enough... I sent an email to Splunk, but I don't think they will entertain my request for a longer sandbox. I am thinking of covering the theory part first and then using the sandbox for some demos.
Very good video. I have one question. For example:
The subsearch gives a few accountIDs from a different index and sourcetype (contains only order info).
The main search needs those accountIDs to filter them out and show inactive accountIDs that did not place any orders yet.
Subsearch - has order info
MainSearch - has account info
index=account sourcetype=x NOT [ index=order sourcetype=y | fields accountID ] | table accountID
Is the above query correct? What is the fastest way to get it?
Yes, the query looks correct. The fastest way would be to build a summary from the query result and use the summary index in your reports or dashboards.
Very well explained! I just couldn't understand why anyone would use sub searches. This makes much more sense now. Thank you!
Learnt a lot from your video, thank you
Nice explanation with a beautiful use case...
Outstanding video. Thank you!
Amazing video!! Thank you again!!
Thanks for the video. It helped me.
Thanks, very useful video
Thank you!
The Best.. As always
Can you pls... start Splunk Enterprise Security? Your videos are awesome.