Solved: How do I add a label to a dashboard using rest com...

MeMilo09 · ‎05-24-2021

Hello There,

I am able to use the | rest command to obtain the date that the lookup was last updated in Splunk. However, I can only seem to do that with one lookup and I am not able to add the other lookups. How can I add more lookups to the | rex command?

Lookups I have to add redSox_Report_.csv, yankees_Report_.csv, dodgers_Report.csv?

I can only add one so far angels_Report_.csv

| rest/servicesNS/-/-/data/lookup-table-files/angels_Report.csv

| eval updated=strptime(updated,"%FT%T%:z")

| eval desired_time=strftime(updated, "%a %m/%d/%Y")

| table desired_time

MeMilo09 · ‎05-24-2021

I found the solution:

| rest/servicesNS/-/-/data/lookup-table-files search="*_Report.csv"

| eval updated=strptime(updated,"%FT%T%:z")

| eval desired_time=strftime(updated, "%a %m/%d/%Y")

| table desired_time

View solution in original post

MeMilo09 · ‎05-24-2021

I found the solution:

| rest/servicesNS/-/-/data/lookup-table-files search="*_Report.csv"

| eval updated=strptime(updated,"%FT%T%:z")

| eval desired_time=strftime(updated, "%a %m/%d/%Y")

| table desired_time

How do I add a label to a dashboard using rest command for several lookups ?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

How do I add a label to a dashboard using rest command for several lookups ?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR