If I write a search query and want to push the search query code to my lookup. Ho to do it??
The query itself won't give you this ability.
However, all queries are stored in the _audit index. So you could search this index for the desired queries and then output the result into a lookup file.
index=_audit action=search
is it the code you want to push, or the output?
Yes, I want to push the splunk query code in lookup.
For Example : - index="_internal" and I want to push index="_internal" into the lookup.
just throwing out there but if you want to capture the searches, you can go with something like this:
| history | table _time search | outputlookup searches.csv
The community more details about your queries and lookup in order to be helpful.
Please provide a summary of what is stored in the lookup and what your queries look like.
if the results are what youre looking for, just pipe to table and outputlookup. something like that:
my base search | table field1 field2 fieldn | ouputlookup mysearch.csv