Using subsearches to find loosely related events
The number of use cases for subsearches in the real world might be small, but for those situations where they can be applied, subsearches can be a magic bullet. Let's look at an example and then talk about some rules.
Subsearch
Let's start with these events:
2015-02-10 12:59:59 msgid=704783 [email protected] [email protected] 2015-02-10 12:59:59 msgid=171755 [email protected] [email protected] 2015-02-10 12:59:59 msgid=668955 [email protected] [email protected] 2015-02-10 12:59:59 msgid=001404 [email protected] [email protected] 2015-02-10 12:59:59 msgid=284794 [email protected] [email protected] 2015-02-10 12:59:59 msgid=362127 [email protected] [email protected] 2015-02-10 12:59:59 msgid=571419 [email protected] to=ronnie@g&r.com
From these events, let's find out to whom mary
has sent messages. In these events, we see that the from
and to
values are in different entries. We...