Hey folks,
I had an idea, but am not sure if it can be done in Splunk. I want have a dashboard where you can enter text (such as an IP) into a search, and pass that token to a lookup table (of, say, CIDR blocks my company uses, and the name/label we've named the CIDR block, like N Main, Huntington, etc ) and it would output that name of section of the network the IP originates.
Where I think it will fail is that there is no index I am searching on. I just want it to bounce the IP off of the CIDR blocks we have in the lookup table, and output the name. Thanks in advance for your help.
Edit: I should mention that I have CIDR block lookup working for normal searches.
It should work fine. The simple XML might look like this:
<form>
<label>Sample search</label>
<searchTemplate>index = main | head 1 | eval IP="$IP_input$"
| lookup yourLookupName lookupFieldName as IP OUTPUT outputFieldName
</searchTemplate>
<fieldset>
<input type="text" token="IP_input" />
</fieldset>
<row>
<table>
<title>Results</title>
<option name="count">10</option>
</table>
</row>
</form>
You can actually start a searchTemplate with a | lookup ...
but that won't work here, because you need to get the user's input into a variable. So I included a "dummy search" that just looks at the main index and pulls the first event it finds - and then ignores it.
It should work fine. The simple XML might look like this:
<form>
<label>Sample search</label>
<searchTemplate>index = main | head 1 | eval IP="$IP_input$"
| lookup yourLookupName lookupFieldName as IP OUTPUT outputFieldName
</searchTemplate>
<fieldset>
<input type="text" token="IP_input" />
</fieldset>
<row>
<table>
<title>Results</title>
<option name="count">10</option>
</table>
</row>
</form>
You can actually start a searchTemplate with a | lookup ...
but that won't work here, because you need to get the user's input into a variable. So I included a "dummy search" that just looks at the main index and pulls the first event it finds - and then ignores it.
Awesome! Great workaround. I was sooooo close!