Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

if statement to output multiple tables in splunk?

ashidhingra
Path Finder
‎05-18-2022 10:24 AM

if statement to output multiple tables in splunk?

For example I have 3 tables that have the following data
Table 1 
AA 1.1 
AA1.5
BB 2.1
CC 3.1
AA 1.3
AA 1.4


Table 2
AA 1.1 
AA1.8
BB 2.1
CC 3.1
AA 1.3
AA 1.7

Table 3
AA 1.4
AA1.5
BB 2.6
CC 3.7
AA 1.4
AA 1.5

How can i search for AA so i get the output in the form of 3/2/1 different tables depending on what the query is?

Also is there a way to call for a specific set of queries if one of the fields match
for example i want to create a search query that
if today is monday please search for aa
if today is tuesday please search for bb

Can i have an if statement call multiple table IDs for multiselect option?

PS. I have the data in an excel sheet that i cannot deploy to splunk

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-18-2022 10:46 AM

If the data cannot be in Splunk then how do you expect to use Splunk to search it?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ashidhingra
Path Finder
‎05-18-2022 10:49 AM

the tables are present is splunk. 

is there a way to have an if statement call for different table IDs?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-18-2022 11:40 AM

SPL does not support conditional execution like in high-level programming languages.  Commands are executed consecutively from beginning to end.

Dashboards, however, may be able to do what you seek.  One can create a dashboard with several panels (queries).  Each panel can be hidden or displayed based on the absence or presence of a token.  The tokens are set based on some input, which usually is selected by the user, but it can be a search that returns the current day of the week.

Does that sound like it's what you need?

---
If this reply helps you, Karma would be appreciated.
Reply

ashidhingra
Path Finder
‎05-18-2022 12:09 PM

Hiding panels was a great idea. thanks.

0 Karma
Reply

ashidhingra
Path Finder
‎05-18-2022 10:49 AM

search Items NOT present in Index
for example
if day = Mon,tues,wed
output query1 and query3 (as two separate  tables)
if day = thur,friday
output query4 and query5 (as two separate  tables)
if day = Mon,friday
output query1 (as one separate  table)
if day = Mon,wed,friday
output query2, query3 and query5 (as three separate  tables)

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...