https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307007#M161567 <P>if the results are what youre looking for, just pipe to table and outputlookup. something like that:<BR /> my base search | table field1 field2 fieldn | ouputlookup mysearch.csv</P> Fri, 31 Mar 2017 12:41:18 GMT adonio 2017-03-31T12:41:18Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307005#M161565 <P>If I write a search query and want to push the search query code to my lookup. Ho to do it??</P> Fri, 31 Mar 2017 07:08:55 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307005#M161565 vivek_manoj 2017-03-31T07:08:55Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307006#M161566 <P>The community more details about your queries and lookup in order to be helpful.</P> <P>Please provide a summary of what is stored in the lookup and what your queries look like.</P> Fri, 31 Mar 2017 12:38:38 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307006#M161566 rjthibod 2017-03-31T12:38:38Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307007#M161567 <P>if the results are what youre looking for, just pipe to table and outputlookup. something like that:<BR /> my base search | table field1 field2 fieldn | ouputlookup mysearch.csv</P> Fri, 31 Mar 2017 12:41:18 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307007#M161567 adonio 2017-03-31T12:41:18Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307008#M161568 <P>is it the <STRONG>code</STRONG> you want to push, or the <STRONG>output</STRONG>?</P> Fri, 31 Mar 2017 17:27:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307008#M161568 DalJeanis 2017-03-31T17:27:50Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307009#M161569 <P>Yes, I want to push the splunk query code in lookup.</P> <P>For Example : - index="_internal" and I want to push index="_internal" into the lookup.</P> Tue, 29 Sep 2020 13:30:59 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307009#M161569 vivek_manoj 2020-09-29T13:30:59Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307010#M161570 <P>The query itself won't give you this ability.</P> <P>However, all queries are stored in the _audit index. So you could search this index for the desired queries and then output the result into a lookup file. </P> <PRE><CODE>index=_audit action=search </CODE></PRE> Mon, 03 Apr 2017 10:05:21 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307010#M161570 gehinger 2017-04-03T10:05:21Z https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307011#M161571 <P>just throwing out there but if you want to capture the searches, you can go with something like this:<BR /> | history | table _time search | outputlookup searches.csv</P> Mon, 03 Apr 2017 11:30:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-push-the-search-query-to-lookup-file/m-p/307011#M161571 adonio 2017-04-03T11:30:20Z