Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

help required on lookup

deepikasounda
New Member
‎02-25-2019 10:32 PM

Hi,
I used the below to lookup for a query from a lookup file/table and execute it.

Lookup file - search_queries.csv with Name and Search has two columns.
[where search has the query that has to be selected upon selecting the corresponding Name]

<form>
1.   <label>Run Search from Lookup</label>
2.   <fieldset submitButton="false">
3.     <input type="time" token="tokTime" searchWhenChanged="true">
4.       <label>Select Time</label>
5.       <default>
6.         <earliest>-24h@h</earliest>
7.         <latest>now</latest>
8.       </default>
9.     </input>
10.   </fieldset>
11.   <row>
12.     <panel>
13.       <title>Search Based on Lookup</title>
14.       <input type="dropdown" token="tokSearchQuery" searchWhenChanged="true">
15.         <label>Select Search Query (from lookup)</label>
16.         <fieldForLabel>Name</fieldForLabel>
17.         <fieldForValue>Search</fieldForValue>
18.         <search>
19.           <query>| inputlookup search_queries.csv | table Name Search</query>
20.         </search>
21.       </input>
22.       <chart>
23.         <search>
24.           <query>$tokSearchQuery$</query>
25.           <earliest>$tokTime.earliest$</earliest>
26.           <latest>$tokTime.latest$</latest>
27.         </search>
28.         <option name="charting.chart.showDataLabels">minmax</option>
29.         <option name="charting.chart.stackMode">stacked</option>
30.         <option name="refresh.display">progressbar</option>
31.       </chart>
32.     </panel>
33.   </row>
34. </form>

Now my requirement is in my lookup file there are going to be three columns - Name,SubName and Search.
[for the match Name and SubName the corresponding Search has to be executed]

Kindly help me with this.

Your response at the earliest will be appreciated.

Tags (1)
0 Karma
Reply

deepikasounda
New Member
‎02-26-2019 04:37 AM

Can someone help please

0 Karma
Reply

FrankVl
Ultra Champion
‎02-26-2019 12:13 AM

Concatenate the name and subname columns into a single column you then use for the dropdown label?

0 Karma
Reply

deepikasounda
New Member
‎02-26-2019 01:42 AM

Hi,there are lot more varaitions for it.
So doing that will not be possible.

Could you help me without concatenating the columns please

0 Karma
Reply

FrankVl
Ultra Champion
‎02-26-2019 01:53 AM

Well, then you could try adding another dropdown input that contains the names and then use that token to parametrize the dropdown query that pulls up the subname (and search). I'm not 100% sure though whether that is possible (on dropdown depending on the other) and don't have time at the moment to experiment myself. So just give that a try (or wait for someone else to contribute to this discussion).

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...