Splunk Search

Lookup tables inputs apps

brod_geico
Path Finder

Hello folks,

I'm not a developer but trying to see how I can finish this task.

Here is my requirement:

Every week I get 2 CSV files; one sheet with username/city/email/fullname/mobile and another with location/IP etc. The files will be saved in a default lookup location.

Here is what I'm expecting:

I need to setup a dashboard that provides a choice of selecting my CSV (lookup) files such as week 1 or week 3. Once selected, the files will be loaded and that data will be shown.

I'm looking for a drop down list of the lookup files within the default location and then show the associated data.

Any earlier response will be much appreciated.

0 Karma

dolivasoh
Contributor

You can use form inputs (multi select) to assign search language to a token. Basically you'd be writing the main part of the search in a token. In the multi select menu, you can set your dropdown list labels to whatever label you like and the values for each would be your search string. Then place the tokens in your dashboard panel searches to populate them

Multiselect Options;
CSV1 > |inputlookup csv1.csv
CSV2 > |inputlookup csv2.csv
...
These get assigned to a token for which you can set the name (token_name in this example)

Search Panels;
$token_name$ | stats count by blah

$token_name$ | chart count over blah by blah

And so on..

0 Karma

brod_geico
Path Finder

Thanks sounds like some direction to work.
but i never worked on tokens, do we have any splunk app see here is my headers for those sheets.

Arrival city Country Email First name From date Last name Mobile To date

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...