Splunk Search

Can you just search your lookup table?

sondradotcom
Path Finder

This may sound odd, but I wonder if there's a query that will just return your lookup table. Basically, I want to create a pulldown-driven form in Splunk, and I want to populate the pulldown with the contents of specific lookup table. I could just paste the values in, I suppose, but I don't want to maintain that list in two places. Alternatively, I could run a splunk query that would likely return all the results of that lookup table, but that seems like a lot of overhead. Any thoughts?

Thanks!
-S.

Tags (1)
1 Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee

Absolutely. | inputlookup <lookup name> will pull the full lookup table.

View solution in original post

jagdeepgupta813
Explorer

Hello,

Can we search all the lookup table available in splunk ?
I tried below command but that didn't work

| inputlookup *.csv

0 Karma

Stephen_Sorkin
Splunk Employee
Splunk Employee

Absolutely. | inputlookup <lookup name> will pull the full lookup table.

Stephen_Sorkin
Splunk Employee
Splunk Employee

I wouldn't suggest timechart for this. Rather, add something like: | dedup

0 Karma

jbsplunk
Splunk Employee
Splunk Employee

| timechart span=1m distinct_count(value)

0 Karma

sondradotcom
Path Finder

Okay, follow up: what if you want a list of distinct values. My lookup has some values that show up more than once in the same column -- how do I filter it down to one time?

0 Karma

sondradotcom
Path Finder

I had a feeling. You splunk people are AWESOME! Truly.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...