I want to be able to search for patterns in Splunk and then search for another pattern in the search results. I should be able to repeat it for any number of strings.
This is very simple in Linux:
grep pattern_1 <file name> | grep pattern_2 | grep pattern_3 | grep pattern_4
How can I do this in Splunk? I would like to make it generic irrespective of the count of sub-searches.
Depending on your use case, you either do something like this:
index=ndx sourcetype=srctp fieldA=something fieldB=pattern fieldC=*
Or you might end up doing this:
index=ndx sourcetype=srctp "some literal text"
| rex field=_raw "a pattern of stuff (?<fieldtoextract>regex-goes-here)"
Or possibly this:
index=ndx sourcetype=srctp fieldA=*
| stats values(fieldB) by fieldA
| where mvcount(fieldB)>3 AND match(fieldA,"something")
Or maybe something else entirely.
If you have sample data, we can help craft some more specific SPL for you - but there are many, many, many ways to "search within a search" in Splunk.
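The grep chain from the question written three ways in SPL, as an added example that is not part of the original answer: all terms in the base search (implicitly ANDed), one `| search` stage per extra pattern, and one `| regex` stage per extra pattern when the patterns are real regular expressions. `ndx` and `srctp` are the answer's placeholders and `pattern_1` to `pattern_4` are the question's; the three queries are separate searches, shown together only for comparison.

```spl
index=ndx sourcetype=srctp "pattern_1" "pattern_2" "pattern_3" "pattern_4"

index=ndx sourcetype=srctp "pattern_1"
| search "pattern_2"
| search "pattern_3"
| search "pattern_4"

index=ndx sourcetype=srctp "pattern_1"
| regex _raw="pattern_2"
| regex _raw="pattern_3"
| regex _raw="pattern_4"
```

Any number of further patterns can be appended as extra terms or extra pipeline stages. Quoted search terms match case-insensitively, while `regex` is case-sensitive like plain grep, so the first two forms can return events the third one drops.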