Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to complete search string in lookup?

ARaman77
Explorer
‎03-28-2022 10:35 PM

Hi

we have a microservices based system and have several services running , the developers put unti a lookup table the complete search string, . I am ablr to retrieve the string from lookup but not able to execute it

| inputlookup searchstring.csv  | streamstats count as Rowcount | where Rowcount =1 | search Search_String

 

a sample of what is there in Search_String , this one is simple but sometimes there are complex queries

 

index=abc* AND source= xyz* AND host=* AND ERROR=50* | stats count as 5xx_Errors

 

 

how to make the Search string in lookup execute

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-28-2022 11:01 PM

I don't think you can do that. Even fiddling with the format command best you can do is your own formatted parameters for the search command. I don't see any way to run the subsearch output as a whole command to be parsed and executed by splunk.

If you need them to be able to use searches on their own from external software, let them use API.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...