Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Using different input lookup commands based on token given in a dropdown

ft_kd02
Path Finder
‎06-10-2021 01:20 PM

Hi all,

First time poster, new to Splunk and query languages in general, please forgive if this is a silly question. 

I am trying to insert an additional layer of tokenization into a chained series of dropdowns. Working for my dashboard is a dropdown that gives us a set of values based on an input lookup command:

company dropdown ( input lookup xxxxx.csv) -> token2 dropdown-> token3 dropdown etc..

The ideal situation is using a new 'environment' dropdown that will pass it's token to the company dropdown to segregate the items listed in 'company' based on environment. I have two lookup files, each containing the relevant key/value pairings of that environment. Is it possible to use a token to change a search entirely based on what token is received? 

In more detail: 

Company dropdown search:  
| inputlookup xxxxxxx.csv
| fields description, value
| dedup description, value

The format of the lookup tables:
2 rows:
value description
value1 description1
value2 description2
etc...

Environment has two static values (field1, field1Value), (field2, field2Value). Can I pass in a different lookup table (or, just pass in a similar search with a different lookup) to the company dropdown, based on what environment token is given? 

It's not lost on me that I may be going about this the wrong way. If I'm going totally the wrong direction, let me know.

Thanks

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rupkumar4sec
Path Finder
‎06-10-2021 01:34 PM

You can do that. 
In environment dropdown, field1Value and field2Value should be your lookup names. Then in company dropdown use  that token in place of lookup name in inputlookup command

In environment dropdown
field1 lookup1.csv
field2 lookup2.csv

In company dropdown
| inputlookup $tokenfromenvironment$
| fields description, value
| dedup description, value


View solution in original post

Reply
Solved! Jump to solution
Solution

rupkumar4sec
Path Finder
‎06-10-2021 01:34 PM

You can do that. 
In environment dropdown, field1Value and field2Value should be your lookup names. Then in company dropdown use  that token in place of lookup name in inputlookup command

In environment dropdown
field1 lookup1.csv
field2 lookup2.csv

In company dropdown
| inputlookup $tokenfromenvironment$
| fields description, value
| dedup description, value


Reply
Solved! Jump to solution

ft_kd02
Path Finder
‎06-10-2021 02:04 PM

@rupkumar4sec Thank you, so simple!

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...