Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Creating Data How Please Help!!

simonafcbrown
Observer
‎01-27-2021 06:52 AM

Hello can you help I am not the most technical and I have signed up to the UAT of Splunk.

Logged on as a Administrator and built a dashboard simply form a CSV file use in the Add Data Functionality path of creating a dashboard.

So I have a LIVE environment and when I go to add data this is not available, I see I have to add data using a Lookup functionality?  I only want to create a dashboard based on a CSV that is it. 

I am little confused training one way and not having this functionality available to me in Live? 

I might be confused myself can you help. Do I need a lookup ?  Plus when I uploaded file I get this error via the Lookup method of the flat CSV file I want to use.  The File does not contain any invalid characters.  

 

I am little bit nervous about what I have to do and I am confused on how this system

Please Please can you help...

Encountered the following error while trying to save: Invalid name: only alphanumeric characters, '-', '_', and '.' are allowed. 

Labels (1)
Labels
0 Karma
Reply

FelixLeh
Contributor
‎01-27-2021 07:16 AM

Hi @simonafcbrown,
(relatively new member here as well so I might be wrong about some stuff and PLEASE anybody correct me if I write something wrong 🙂)
From what I understand from your post you have already indexed your csv file through the "add Data" function of Splunk.  If not you have 2 options:
1.
Click the splunk logo(top left), click add Data and upload your csv as an input file.
During this process you can set an Index your Data will get sent into. (Default or custom Index)
To access this data in a search for your dashboard simply start your search with:

index=yourIndexName

searching with just this string will give you any indexed events in the selected time range!
Then you can follow up with your desired search.

2.
You can also create a Lookup from your csv Data.
A  file with columns and rows can be loaded as a Lookup in Settings->Lookup->new file (Lookup table files)
Then also create a new Lookup Definition for your uploaded Lookup File.
You can access the created Lookup File in your search through:

| inputlookup yourLookupName

if all was done correctly you can search your source for data!
To add your search to a Dashboard just go to "Save as" in the top right of your search and create a Dashboard  from there. You can also add Searches to existing Dashboards here if you pick "Existing"

I hope my explanation was helpful! 

also for most of the questions you have, docs.splunk is your friend 🙂
https://docs.splunk.com/Documentation

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...