Splunk Enterprise

How can I write in summary index from dashboard input on change?

spisiakmi
Contributor

Hi, can anybody help, please?

Problem:

In dashboard I have label. If I write something in the label <number> and press Enter, I would like to make an action: write something in summary index.

Label: serial_num
Index: index_sum

Fields to be saved in summary index: $Label$, <actual_time>, identifier

Labels (1)
0 Karma
1 Solution

spisiakmi
Contributor

Hi richgalloway,

thank you for response, I solved this problem. In fact you were absolutely right. I sent the value through a token to search of any element, can be also hidden, and this search ends like | collect index=machinedata_w48_sum testmode=false

 

View solution in original post

spisiakmi
Contributor

Hi richgalloway,

thank you for response, I solved this problem. In fact you were absolutely right. I sent the value through a token to search of any element, can be also hidden, and this search ends like | collect index=machinedata_w48_sum testmode=false

 

richgalloway
SplunkTrust
SplunkTrust

<input> elements cannot write to lookup files.  That only can be done within a <search> element.

What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...