Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Using different input lookup commands based on token given in a dropdown

ft_kd02
Path Finder
‎06-10-2021 01:20 PM

Hi all,

First time poster, new to Splunk and query languages in general, please forgive if this is a silly question. 

I am trying to insert an additional layer of tokenization into a chained series of dropdowns. Working for my dashboard is a dropdown that gives us a set of values based on an input lookup command:

company dropdown ( input lookup xxxxx.csv) -> token2 dropdown-> token3 dropdown etc..

The ideal situation is using a new 'environment' dropdown that will pass it's token to the company dropdown to segregate the items listed in 'company' based on environment. I have two lookup files, each containing the relevant key/value pairings of that environment. Is it possible to use a token to change a search entirely based on what token is received? 

In more detail: 

Company dropdown search:  
| inputlookup xxxxxxx.csv
| fields description, value
| dedup description, value

The format of the lookup tables:
2 rows:
value description
value1 description1
value2 description2
etc...

Environment has two static values (field1, field1Value), (field2, field2Value). Can I pass in a different lookup table (or, just pass in a similar search with a different lookup) to the company dropdown, based on what environment token is given? 

It's not lost on me that I may be going about this the wrong way. If I'm going totally the wrong direction, let me know.

Thanks

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rupkumar4sec
Path Finder
‎06-10-2021 01:34 PM

You can do that. 
In environment dropdown, field1Value and field2Value should be your lookup names. Then in company dropdown use  that token in place of lookup name in inputlookup command

In environment dropdown
field1 lookup1.csv
field2 lookup2.csv

In company dropdown
| inputlookup $tokenfromenvironment$
| fields description, value
| dedup description, value


View solution in original post

Reply
Solved! Jump to solution
Solution

rupkumar4sec
Path Finder
‎06-10-2021 01:34 PM

You can do that. 
In environment dropdown, field1Value and field2Value should be your lookup names. Then in company dropdown use  that token in place of lookup name in inputlookup command

In environment dropdown
field1 lookup1.csv
field2 lookup2.csv

In company dropdown
| inputlookup $tokenfromenvironment$
| fields description, value
| dedup description, value


Reply
Solved! Jump to solution

ft_kd02
Path Finder
‎06-10-2021 02:04 PM

@rupkumar4sec Thank you, so simple!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...