All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I create both a saved search and a table out of data from the Splunk App for AWS

ScottMacD
New Member
‎08-09-2017 09:32 AM

Background: I was told yesterday that I needed to create a custom dashboard for the Splunk App for AWS out of performance information we were already receiving in other dashboards.

The Problem: Today I find out, that what we ACTUALLY needed was information [from Splunk App for AWS] to (1) populate a saved search and (2) get it into a table.

Is there a way to make that data from the dashboard populate a saved search and then a table?

0 Karma
Reply

woodcock
Esteemed Legend
‎08-09-2017 03:50 PM

Just add | outputcsv MyLookupDefinition to the panel's search and then you can do | inputcsv MyLookupDefinition to load it elsewhere. Alternatively, you can save the search in the panel as a saved search and then reference it with |savedsearch and then load that elsewhere with | loadjob

0 Karma
Reply

ScottMacD
New Member
‎08-09-2017 10:22 AM

I should say that the data populates Dashboard panels already, but it needs to be put into a saved search/table.

0 Karma
Reply

kmorris_splunk
Splunk Employee
Splunk Employee
‎08-09-2017 01:34 PM

A saved search in Splunk is the same thing as a Report. You could start by opening the panel in your existing dashboard that uses that data in search (hover over the panel and click the magnifying glass at the bottom. This will open the search for that panel. Modify the search to represent your data in a table, then save it as a Report (Save As...Report).

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...