We need the field name to be bcSender for the outer search. (We could extract it to the field from first and then rename it, but this is more direct.)

Line 7 is a different way to deduplicate by bcSender and at the same time reduce the amount of data which needs to be sent back from the indexers to the search head (if you have a distributed environment).

Line 8 gets rid of all the fields we don't require. They would be problematic with the following format command.

Line 9 passes the results back to the enclosing search in such a way that they can be used as part of the search string.

Line 10, of course, closes the innermost subsearch.

Now let's have a look at the outer subsearch.

Line 3 selects the events from which we can get the messageIDs. This is, of course, augmented by the enclosed subsearch we've just discussed.

Line 11 is again a way to dedup the messageIDs.

Line 12 again limits things to the field we need.

Line 13 passes the found messageIDs to the outermost (main) search in such a way that they become part of the search string.
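What dedup, fields and format do to the subsearch results, as an added Python model that is not the search from this post and not Splunk code. The events, the host field and the addresses are constructed, and format_rows only approximates the default output of format (AND within a row, OR between rows).

```python
# Simplified model of the SPL commands dedup, fields and format.
# Only the field names bcSender and messageID come from the post;
# every event below is constructed sample data.

def dedup(rows, field):
    """Keep the first row per distinct value of `field`; rows without it are dropped."""
    seen, out = set(), []
    for row in rows:
        value = row.get(field)
        if value is not None and value not in seen:
            seen.add(value)
            out.append(row)
    return out

def keep_fields(rows, *names):
    """Drop every field except `names`, like the fields command."""
    return [{k: r[k] for k in names if k in r} for r in rows]

def format_rows(rows):
    """Turn result rows into a search string: AND inside a row, OR between rows."""
    def esc(v):
        return str(v).replace("\\", "\\\\").replace('"', '\\"')
    clauses = ["( " + " AND ".join(f'{k}="{esc(v)}"' for k, v in r.items()) + " )"
               for r in rows]
    return "( " + " OR ".join(clauses) + " )"

def subsearch(rows, field):
    """dedup -> fields -> format, the three steps each subsearch ends with."""
    return format_rows(keep_fields(dedup(rows, field), field))

INNER_EVENTS = [  # constructed: what the innermost subsearch matches
    {"bcSender": "alice@example.com", "host": "mx1"},
    {"bcSender": "bob@example.com", "host": "mx2"},
    {"bcSender": "alice@example.com", "host": "mx2"},
]
OUTER_EVENTS = [  # constructed: what the outer subsearch looks at
    {"bcSender": "alice@example.com", "messageID": "m-001", "host": "mx3"},
    {"bcSender": "carol@example.com", "messageID": "m-002", "host": "mx1"},
    {"bcSender": "bob@example.com", "messageID": "m-003", "host": "mx3"},
    {"bcSender": "alice@example.com", "messageID": "m-001", "host": "mx4"},
]

def message_id_filter():
    """Outer subsearch: keep events from the found senders, return a messageID filter."""
    senders = {r["bcSender"] for r in dedup(INNER_EVENTS, "bcSender")}
    matched = [e for e in OUTER_EVENTS if e["bcSender"] in senders]
    return subsearch(matched, "messageID")

if __name__ == "__main__":
    print(subsearch(INNER_EVENTS, "bcSender"))           # with the fields step
    print(format_rows(dedup(INNER_EVENTS, "bcSender")))  # fields step skipped
    print(message_id_filter())
```

With the fields step skipped, every leftover field ends up as an extra AND condition in the generated string, which is why the unneeded fields are removed before format.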