Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

if statement to output multiple tables in splunk?

ashidhingra
Path Finder
‎05-18-2022 10:24 AM

if statement to output multiple tables in splunk?

For example I have 3 tables that have the following data
Table 1 
AA 1.1 
AA1.5
BB 2.1
CC 3.1
AA 1.3
AA 1.4


Table 2
AA 1.1 
AA1.8
BB 2.1
CC 3.1
AA 1.3
AA 1.7

Table 3
AA 1.4
AA1.5
BB 2.6
CC 3.7
AA 1.4
AA 1.5

How can i search for AA so i get the output in the form of 3/2/1 different tables depending on what the query is?

Also is there a way to call for a specific set of queries if one of the fields match
for example i want to create a search query that
if today is monday please search for aa
if today is tuesday please search for bb

Can i have an if statement call multiple table IDs for multiselect option?

PS. I have the data in an excel sheet that i cannot deploy to splunk

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-18-2022 10:46 AM

If the data cannot be in Splunk then how do you expect to use Splunk to search it?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ashidhingra
Path Finder
‎05-18-2022 10:49 AM

the tables are present is splunk. 

is there a way to have an if statement call for different table IDs?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-18-2022 11:40 AM

SPL does not support conditional execution like in high-level programming languages.  Commands are executed consecutively from beginning to end.

Dashboards, however, may be able to do what you seek.  One can create a dashboard with several panels (queries).  Each panel can be hidden or displayed based on the absence or presence of a token.  The tokens are set based on some input, which usually is selected by the user, but it can be a search that returns the current day of the week.

Does that sound like it's what you need?

---
If this reply helps you, Karma would be appreciated.
Reply

ashidhingra
Path Finder
‎05-18-2022 12:09 PM

Hiding panels was a great idea. thanks.

0 Karma
Reply

ashidhingra
Path Finder
‎05-18-2022 10:49 AM

search Items NOT present in Index
for example
if day = Mon,tues,wed
output query1 and query3 (as two separate  tables)
if day = thur,friday
output query4 and query5 (as two separate  tables)
if day = Mon,friday
output query1 (as one separate  table)
if day = Mon,wed,friday
output query2, query3 and query5 (as three separate  tables)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...