How to complete search string in lookup?

ARaman77 · ‎03-28-2022

Hi

we have a microservices based system and have several services running , the developers put unti a lookup table the complete search string, . I am ablr to retrieve the string from lookup but not able to execute it

| inputlookup searchstring.csv  | streamstats count as Rowcount | where Rowcount =1 | search Search_String

a sample of what is there in Search_String , this one is simple but sometimes there are complex queries

index=abc* AND source= xyz* AND host=* AND ERROR=50* | stats count as 5xx_Errors

how to make the Search string in lookup execute

PickleRick · ‎03-28-2022

I don't think you can do that. Even fiddling with the format command best you can do is your own formatted parameters for the search command. I don't see any way to run the subsearch output as a whole command to be parsed and executed by splunk.

If you need them to be able to use searches on their own from external software, let them use API.

How to complete search string in lookup?

lookup

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation

How to complete search string in lookup?

lookup

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability