Security

allow user to run search contained in lookup

dmcintosh1972
Explorer

I have created a lookup. fairly basic 2 columns, column 1 has an ID the second a search string.

ID searchstring
1 source =xyz

My users get the ID from a separate system and rather than remember the search string or lookup the string themselves they would like to run the search through itself using the search id.

e.g. | inputlookup table where ID=1 | fields searchstring | run searchstring as a splunksearch

Is this possible?

Thanks

Tags (1)
0 Karma

jawaharas
Motivator

For your requirement, you can try using 'macros'.

You can find macro option by navigation through - Settings->Advanced search->Search macros

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Definesearchmacros
https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Searchmacroexamples

0 Karma

jawaharas
Motivator

@dmcintosh1972
Can you accept the answer if it's helped you? Thanks.

0 Karma

jaime_ramirez
Communicator

Maybe with the map command. I will try making an example and check if its possible.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...