Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to complete search string in lookup?

ARaman77
Explorer
‎03-28-2022 10:35 PM

Hi

we have a microservices based system and have several services running , the developers put unti a lookup table the complete search string, . I am ablr to retrieve the string from lookup but not able to execute it

| inputlookup searchstring.csv  | streamstats count as Rowcount | where Rowcount =1 | search Search_String

 

a sample of what is there in Search_String , this one is simple but sometimes there are complex queries

 

index=abc* AND source= xyz* AND host=* AND ERROR=50* | stats count as 5xx_Errors

 

 

how to make the Search string in lookup execute

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-28-2022 11:01 PM

I don't think you can do that. Even fiddling with the format command best you can do is your own formatted parameters for the search command. I don't see any way to run the subsearch output as a whole command to be parsed and executed by splunk.

If you need them to be able to use searches on their own from external software, let them use API.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...