Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to insert static data in dashboard?

iKate
Builder
‎07-04-2012 01:48 AM

Hello

Let's say there are several Excel tables and it is needed to make graphs using its data in Splunk dashboard. How can one insert these tables?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dart
Splunk Employee
Splunk Employee
‎07-04-2012 03:10 AM

If I understand correctly, you have data in an excel file, and you want to chart something just from that data in Splunk.

Are you able to export the tables as CSV files?

You can then define a lookup from the csv file, and then use the search command inputlookup to read in the data, which you can then pipe to stats, chart or timechart. For example:

| inputlookup my_lookup_name | chart count by field

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dart
Splunk Employee
Splunk Employee
‎07-04-2012 03:10 AM

If I understand correctly, you have data in an excel file, and you want to chart something just from that data in Splunk.

Are you able to export the tables as CSV files?

You can then define a lookup from the csv file, and then use the search command inputlookup to read in the data, which you can then pipe to stats, chart or timechart. For example:

| inputlookup my_lookup_name | chart count by field
0 Karma
Reply
Solved! Jump to solution

iKate
Builder
‎07-04-2012 08:52 AM

Nevertheless it was a confusion with "inputlookup" command as it turned out that
1) the command should be strictly in the beginning of the search
2) should start with "|"
3) and the rest of the search should be appended.
All this was not obvius from its description in the search commands reference (maybe just for me).

So my working string looks like this:

| inputlookup my_lookup_csv_file

| append [search source="my_source"
...... ]

Thanks again!

0 Karma
Reply
Solved! Jump to solution

iKate
Builder
‎07-04-2012 08:52 AM

Dart, thank you a lot! You showed me the right direction of solving the problem. Now I see vast horizons of how to use this new knowledge..:) I've already tried "inputlookup" and "lookup" and got exactly what I needed!

I used splunk manager interface instead of editing config files to create lookup tables: http://docs.splunk.com/Documentation/Splunk/4.3.3/User/CreateAndConfigureFieldLookups

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...