A subsearch is a search within a search. If your main search requires data as a result of another search, use Splunk's subsearch capability to combine two searches into one.
Say you want to find statistics about the server that generates the most HTTP status 500 errors. You can achieve your goal of finding the culprit server with two searches.
The first search, shown next, will return the server address with the most 500 errors. Note that you are setting the limit to 1 and giving the instructions (using the + sign) to include just the server_ip field:
SPL> index=main http_status_code=500 | top limit=1 server_ip | fields + server_ip
The result of this code will be one of three IP addresses generated by from our Eventgen data.