Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Creating Data How Please Help!!

simonafcbrown
Observer
‎01-27-2021 06:52 AM

Hello can you help I am not the most technical and I have signed up to the UAT of Splunk.

Logged on as a Administrator and built a dashboard simply form a CSV file use in the Add Data Functionality path of creating a dashboard.

So I have a LIVE environment and when I go to add data this is not available, I see I have to add data using a Lookup functionality?  I only want to create a dashboard based on a CSV that is it. 

I am little confused training one way and not having this functionality available to me in Live? 

I might be confused myself can you help. Do I need a lookup ?  Plus when I uploaded file I get this error via the Lookup method of the flat CSV file I want to use.  The File does not contain any invalid characters.  

 

I am little bit nervous about what I have to do and I am confused on how this system

Please Please can you help...

Encountered the following error while trying to save: Invalid name: only alphanumeric characters, '-', '_', and '.' are allowed. 

Labels (1)
Labels
0 Karma
Reply

FelixLeh
Contributor
‎01-27-2021 07:16 AM

Hi @simonafcbrown,
(relatively new member here as well so I might be wrong about some stuff and PLEASE anybody correct me if I write something wrong 🙂)
From what I understand from your post you have already indexed your csv file through the "add Data" function of Splunk.  If not you have 2 options:
1.
Click the splunk logo(top left), click add Data and upload your csv as an input file.
During this process you can set an Index your Data will get sent into. (Default or custom Index)
To access this data in a search for your dashboard simply start your search with:

index=yourIndexName

searching with just this string will give you any indexed events in the selected time range!
Then you can follow up with your desired search.

2.
You can also create a Lookup from your csv Data.
A  file with columns and rows can be loaded as a Lookup in Settings->Lookup->new file (Lookup table files)
Then also create a new Lookup Definition for your uploaded Lookup File.
You can access the created Lookup File in your search through:

| inputlookup yourLookupName

if all was done correctly you can search your source for data!
To add your search to a Dashboard just go to "Save as" in the top right of your search and create a Dashboard  from there. You can also add Searches to existing Dashboards here if you pick "Existing"

I hope my explanation was helpful! 

also for most of the questions you have, docs.splunk is your friend 🙂
https://docs.splunk.com/Documentation

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...