Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

if statement to output multiple tables in splunk?

ashidhingra
Path Finder
‎05-18-2022 10:24 AM

if statement to output multiple tables in splunk?

For example I have 3 tables that have the following data
Table 1 
AA 1.1 
AA1.5
BB 2.1
CC 3.1
AA 1.3
AA 1.4


Table 2
AA 1.1 
AA1.8
BB 2.1
CC 3.1
AA 1.3
AA 1.7

Table 3
AA 1.4
AA1.5
BB 2.6
CC 3.7
AA 1.4
AA 1.5

How can i search for AA so i get the output in the form of 3/2/1 different tables depending on what the query is?

Also is there a way to call for a specific set of queries if one of the fields match
for example i want to create a search query that
if today is monday please search for aa
if today is tuesday please search for bb

Can i have an if statement call multiple table IDs for multiselect option?

PS. I have the data in an excel sheet that i cannot deploy to splunk

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-18-2022 10:46 AM

If the data cannot be in Splunk then how do you expect to use Splunk to search it?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ashidhingra
Path Finder
‎05-18-2022 10:49 AM

the tables are present is splunk. 

is there a way to have an if statement call for different table IDs?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-18-2022 11:40 AM

SPL does not support conditional execution like in high-level programming languages.  Commands are executed consecutively from beginning to end.

Dashboards, however, may be able to do what you seek.  One can create a dashboard with several panels (queries).  Each panel can be hidden or displayed based on the absence or presence of a token.  The tokens are set based on some input, which usually is selected by the user, but it can be a search that returns the current day of the week.

Does that sound like it's what you need?

---
If this reply helps you, Karma would be appreciated.
Reply

ashidhingra
Path Finder
‎05-18-2022 12:09 PM

Hiding panels was a great idea. thanks.

0 Karma
Reply

ashidhingra
Path Finder
‎05-18-2022 10:49 AM

search Items NOT present in Index
for example
if day = Mon,tues,wed
output query1 and query3 (as two separate  tables)
if day = thur,friday
output query4 and query5 (as two separate  tables)
if day = Mon,friday
output query1 (as one separate  table)
if day = Mon,wed,friday
output query2, query3 and query5 (as three separate  tables)

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...