Splunk Search

Can you just search your lookup table?

sondradotcom
Path Finder

This may sound odd, but I wonder if there's a query that will just return your lookup table. Basically, I want to create a pulldown-driven form in Splunk, and I want to populate the pulldown with the contents of a specific lookup table. I could just paste the values in, I suppose, but I don't want to maintain that list in two places. Alternatively, I could run a Splunk query that would likely return all the results of that lookup table, but that seems like a lot of overhead. Any thoughts?

Thanks!
-S.

1 Solution

Stephen_Sorkin
Splunk Employee

Absolutely. | inputlookup <lookup name> will pull the full lookup table.

jagdeepgupta813
Explorer

Hello,

Can we search all the lookup tables available in Splunk?
I tried the command below, but that didn't work:

| inputlookup *.csv

0 Karma

Stephen_Sorkin
Splunk Employee

I wouldn't suggest timechart for this. Rather, add something like: | dedup

0 Karma

jbsplunk
Splunk Employee

| timechart span=1m distinct_count(value)

0 Karma

sondradotcom
Path Finder

Okay, follow-up: what if you want a list of distinct values? My lookup has some values that show up more than once in the same column -- how do I filter it down to one time?

0 Karma

sondradotcom
Path Finder

I had a feeling. You Splunk people are AWESOME! Truly.
