Solved: Can you just search your lookup table?

sondradotcom · ‎05-03-2011

This may sound odd, but I wonder if there's a query that will just return your lookup table. Basically, I want to create a pulldown-driven form in Splunk, and I want to populate the pulldown with the contents of specific lookup table. I could just paste the values in, I suppose, but I don't want to maintain that list in two places. Alternatively, I could run a splunk query that would likely return all the results of that lookup table, but that seems like a lot of overhead. Any thoughts?

Thanks!
-S.

Stephen_Sorkin · ‎05-03-2011

Absolutely. | inputlookup <lookup name> will pull the full lookup table.

View solution in original post

jagdeepgupta813 · ‎08-30-2017

Hello,

Can we search all the lookup table available in splunk ?
I tried below command but that didn't work

| inputlookup *.csv

Stephen_Sorkin · ‎05-03-2011

Absolutely. | inputlookup <lookup name> will pull the full lookup table.

Stephen_Sorkin · ‎05-03-2011

I wouldn't suggest timechart for this. Rather, add something like: | dedup

jbsplunk · ‎05-03-2011

| timechart span=1m distinct_count(value)

sondradotcom · ‎05-03-2011

Okay, follow up: what if you want a list of distinct values. My lookup has some values that show up more than once in the same column -- how do I filter it down to one time?

sondradotcom · ‎05-03-2011

I had a feeling. You splunk people are AWESOME! Truly.

Can you just search your lookup table?

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?