Security

allow user to run search contained in lookup

dmcintosh1972
Explorer

I have created a lookup. Fairly basic, 2 columns: column 1 has an ID, the second a search string.

ID searchstring
1 source =xyz

My users get the ID from a separate system, and rather than remember the search string or look up the string themselves, they would like to run the search through itself using the search ID.

e.g. | inputlookup table where ID=1 | fields searchstring | run searchstring as a splunksearch

Is this possible?

Thanks

0 Karma

jawaharas
Motivator

For your requirement, you can try using 'macros'.

You can find the macro option by navigating through Settings -> Advanced search -> Search macros.

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Definesearchmacros
https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Searchmacroexamples

0 Karma

jawaharas
Motivator

@dmcintosh1972
Can you accept the answer if it's helped you? Thanks.

0 Karma

jaime_ramirez
Communicator

Maybe with the map command. I will try making an example and check if it's possible.

0 Karma
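
The map approach mentioned in the last reply could look like this for the lookup described in the question. This is an added example, not something posted by anyone in the thread. It reuses the question's lookup name `table` and field `searchstring`; `maxsearches=1` is a choice made here so that only one stored search runs per ID.

```spl
| inputlookup table where ID=1
| fields searchstring
| map maxsearches=1 search="search $searchstring$"
```

The stored string runs as search text with the permissions of the user who invokes it, so write access to the lookup should be limited to people who are allowed to author searches.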