All Apps and Add-ons

How can I create both a saved search and a table out of data from the Splunk App for AWS

ScottMacD
New Member

Background: I was told yesterday that I needed to create a custom dashboard for the Splunk App for AWS out of performance information we were already receiving in other dashboards.

The Problem: Today I find out, that what we ACTUALLY needed was information [from Splunk App for AWS] to (1) populate a saved search and (2) get it into a table.

Is there a way to make that data from the dashboard populate a saved search and then a table?

0 Karma

woodcock
Esteemed Legend

Just add | outputcsv MyLookupDefinition to the panel's search and then you can do | inputcsv MyLookupDefinition to load it elsewhere. Alternatively, you can save the search in the panel as a saved search and then reference it with |savedsearch and then load that elsewhere with | loadjob

0 Karma

ScottMacD
New Member

I should say that the data populates Dashboard panels already, but it needs to be put into a saved search/table.

0 Karma

kmorris_splunk
Splunk Employee
Splunk Employee

A saved search in Splunk is the same thing as a Report. You could start by opening the panel in your existing dashboard that uses that data in search (hover over the panel and click the magnifying glass at the bottom. This will open the search for that panel. Modify the search to represent your data in a table, then save it as a Report (Save As...Report).

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...