Splunk Search

Lookup tables inputs apps

brod_geico
Path Finder

Hello folks,

I'm not a developer but trying to see how I can finish this task.

Here is my requirement:

Every week I get 2 CSV files; one sheet with username/city/email/fullname/mobile and another with location/IP etc. The files will be saved in a default lookup location.

Here is what I'm expecting:

I need to set up a dashboard that provides a choice of selecting my CSV (lookup) files, such as week 1 or week 3. Once selected, the files will be loaded and that data will be shown.

I'm looking for a drop-down list of the lookup files within the default location, and then to show the associated data.

Any earlier response will be much appreciated.

0 Karma

dolivasoh
Contributor

You can use form inputs (multi select) to assign search language to a token. Basically you'd be writing the main part of the search in a token. In the multi select menu, you can set your dropdown list labels to whatever label you like and the values for each would be your search string. Then place the tokens in your dashboard panel searches to populate them.

Multiselect Options:
CSV1 > | inputlookup csv1.csv
CSV2 > | inputlookup csv2.csv
...
These get assigned to a token for which you can set the name (token_name in this example).

Search Panels:
$token_name$ | stats count by blah

$token_name$ | chart count over blah by blah

And so on...

0 Karma
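
The token approach described in the reply above, written out as a Simple XML form. This is an added example, not code from the thread. It assumes a single-select dropdown instead of a multi select, since one file is viewed at a time, and it keeps only the lookup file name in the token so the `| inputlookup` command stays fixed in each panel query. The dashboard label is made up; `csv1.csv`, `csv2.csv`, `token_name` and the `Country` field are taken from the posts.

```xml
<form>
  <!-- Hypothetical dashboard label -->
  <label>Weekly lookup viewer</label>
  <fieldset submitButton="false">
    <!-- The selected choice's value is stored in $token_name$ -->
    <input type="dropdown" token="token_name" searchWhenChanged="true">
      <label>Lookup file</label>
      <!-- Token values are file names only, not whole search strings -->
      <choice value="csv1.csv">CSV1</choice>
      <choice value="csv2.csv">CSV2</choice>
      <default>csv1.csv</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Rows in the selected lookup</title>
      <table>
        <search>
          <!-- The token is substituted before the search runs -->
          <query>| inputlookup $token_name$</query>
        </search>
      </table>
    </panel>
    <panel>
      <title>Entries per country</title>
      <chart>
        <search>
          <!-- Country is one of the column headers listed in the thread -->
          <query>| inputlookup $token_name$ | stats count by Country</query>
        </search>
        <option name="charting.chart">column</option>
      </chart>
    </panel>
  </row>
</form>
```

Adding a new week's file means adding one more `<choice>` line with that file name.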

brod_geico
Path Finder

Thanks, sounds like some direction to work.
But I never worked on tokens, do we have any Splunk app? See, here are my headers for those sheets.

Arrival city, Country, Email, First name, From date, Last name, Mobile, To date

0 Karma