Solved: Re: Limiting lookup options using a token

ft_kd02 · ‎08-09-2021

Hi all,

I have a lookup and I'd like to filter based on tokenized value. The lookup dropdown also sets a different token based on selection. This would normally be a simple task, but I've been asked to have the lookup pre-filtered based on who is using the app. Each item in the dropdown represents a different user.

The lookup:

| inputlookup $tokLookup$
| fields field_description, field
| dedup field,field_description

field for label = field_description
field for value = field

The pseudo code of what I'd like to do is simple:

| inputlookup $tokLookup$
| where field="$tokUserRole$"
| fields field_description, field
| dedup field,field_description

Is this possible within the constraints, such that I'm only producing the single value from the lookup corresponding to the user?

ft_kd02 · ‎08-09-2021

Turned out to be a issue in how the data was handled before it hit the token and when the token was populated. The above solution should work:

| inputlookup $tokLookup$
| where field="$tokUserRole$"
| fields field_description, field
| dedup field,field_description

View solution in original post

ft_kd02 · ‎08-09-2021

Turned out to be a issue in how the data was handled before it hit the token and when the token was populated. The above solution should work:

| inputlookup $tokLookup$
| where field="$tokUserRole$"
| fields field_description, field
| dedup field,field_description

Limiting lookup options using a token

lookup

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Are you a member of the Splunk Community?

Limiting lookup options using a token

lookup

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!