The combined search cannot return anything. That is why the subsearch contradicts the main search even upon an absolute match.

According to your sample code, address index returns an XML document, which probably contains something like

123 Main St Sommerville Sommstate

I can imagine that `get_ip_location()` returns a string like "123 Main St, Sommerville, Sommstate". I understand what you want to compare, but cannot visualize your data without illustration.

How can I pass these 2 values, $email and $ip_location, to the outer search?

`| stats values(city) as city values(state) as state values(address) as address by email ip_location`

However, when I try the following query, I get no results:

The ultimate goal is to build a search that queries registrations from met online, use the get_ip_location on the originating IP address, then compare that ip_location with their address on file (which is usually in the address index).

Problem: when I attempt to add a second parameter to the return command, in addition to email, the query no longer works.

My goal, right now, is to pass 2 parameters to the outer search, an email and the src_ip/ip_location.

Then, the return command passes the email to the outer search, which then queries the address index for an address on file according to the email. The inner search looks for all the registrations for the past 30 mins.

`| stats values(city) as city values(state) as state values(address) as address by email`

`[ search index=registration_index earliest=-30m`

`Index=address_index earliest=-30m address`