Solved: How can I write in summary index from dashboard in...

spisiakmi · ‎03-23-2023

Hi, can anybody help, please?

Problem:

In dashboard I have label. If I write something in the label <number> and press Enter, I would like to make an action: write something in summary index.

Label: serial_num
Index: index_sum

Fields to be saved in summary index: $Label$, <actual_time>, identifier

spisiakmi · ‎03-23-2023

Hi richgalloway,

thank you for response, I solved this problem. In fact you were absolutely right. I sent the value through a token to search of any element, can be also hidden, and this search ends like | collect index=machinedata_w48_sum testmode=false

View solution in original post

spisiakmi · ‎03-23-2023

Hi richgalloway,

thank you for response, I solved this problem. In fact you were absolutely right. I sent the value through a token to search of any element, can be also hidden, and this search ends like | collect index=machinedata_w48_sum testmode=false

richgalloway · ‎03-23-2023

<input> elements cannot write to lookup files. That only can be done within a <search> element.

What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.

How can I write in summary index from dashboard input on change?

using Splunk Enterprise

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?