All Apps and Add-ons

Map Variables from Search to Dataset Upload for Use in Pivot Setup

aohls
Contributor

My end goal is to make a pivot users can utilize but there are data items I need to get in line. I uploaded a dataset to map values to where users can search for specific items. Currently we have the following type string I would like to parse: 1=45,2=45.63,3=example... Currently we need to be familiar with what each value is, what 1,2 and 3 are representing; my dataset maps these.

My end goal is a pivot setup as a table where the columns headers are my mapped values, so if 1 was Quantity, the column would say Quantity and then below each result would be shown parsed. Currently my approach was pull all the variables from the search like so:
"rex field=_raw "8=(?.{0,3})"|table test" and continue for each item I need. Once I have that I would use the inputlookup function to then pull in my dataset and map each item; eventually resulting in a pivot table with a few items users can select to make it easier for them to use.

Overall, is there an easier way to go about this? Utilizing the pivot items and datasets is new for me, I have done the training items but if there is further documentation I missed that would be helpful.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...