Solved: Re: How do I add a label to a dashboard using rest...

MeMilo09 · ‎05-24-2021

Hello There,

I am able to use the | rest command to obtain the date that the lookup was last updated in Splunk. However, I can only seem to do that with one lookup and I am not able to add the other lookups. How can I add more lookups to the | rex command?

Lookups I have to add redSox_Report_.csv, yankees_Report_.csv, dodgers_Report.csv?

I can only add one so far angels_Report_.csv

| rest/servicesNS/-/-/data/lookup-table-files/angels_Report.csv

| eval updated=strptime(updated,"%FT%T%:z")

| eval desired_time=strftime(updated, "%a %m/%d/%Y")

| table desired_time

MeMilo09 · ‎05-24-2021

I found the solution:

| rest/servicesNS/-/-/data/lookup-table-files search="*_Report.csv"

| eval updated=strptime(updated,"%FT%T%:z")

| eval desired_time=strftime(updated, "%a %m/%d/%Y")

| table desired_time

View solution in original post

MeMilo09 · ‎05-24-2021

I found the solution:

| rest/servicesNS/-/-/data/lookup-table-files search="*_Report.csv"

| eval updated=strptime(updated,"%FT%T%:z")

| eval desired_time=strftime(updated, "%a %m/%d/%Y")

| table desired_time

How do I add a label to a dashboard using rest command for several lookups ?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

How do I add a label to a dashboard using rest command for several lookups ?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!