Very well explained! I just couldn't understand why anyone would use sub searches. This makes much more sense now. Thank you!

I'm already 10 mins in and learned a lot. Subsearch was something I could never fully master even after year of using Splunk, but thanks for the video packed full of info!

Learnt a lot from your video, thank you

Nice explanation with a beautiful use case...

Amazing video!! Thank you again.!!

Thanks for the video. It helped me.

The Best.. As always

Thank you so much for the outstanding videos. I learned a lot from you . Thank you much !! Well explained and to the point . Any plans releasing videos on Splunk Enterprise security and ITSI. Thanks All the best

Outstanding video. Thank you!

Thanks, very useful video

Very good video. I have one question - For e.g. : Subsearch gives few accountIDs from different index and sourcetype. (Contains only order info) Main search needs those accountIDs to filter them out and show inactive accountIDs that did not place any orders yet Subsearch - has order info MainSearch - has account info index=account sourcetype=x NOT [ index=order sourcetype=y | fields accountID ] | table accountID is the above query correct ? what is the fastest way to get it ?

Thank you!

can you pls....start Splunk Enterprise security your videos are awesome