Using CSV files to store transient data

Sometimes it is useful to store small amounts of data outside of a Splunk index. Using the inputcsv and outputcsv commands, we can store tabular data in CSV files on the filesystem.

Pre-populating a dropdown

If a dashboard contains a dynamic dropdown, you must use a search to populate the dropdown. As the amount of data increases, the query to populate the dropdown will run more and more slowly, even from a summary index. We can use a CSV file to store just the information needed, simply adding new values when they occur.

First, we build a query to generate the CSV file. This query should be run over as much data as possible:

source="impl_splunk_gen"
  | stats count by user
  | outputcsv user_list.csv

Next, we need ...

Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Using CSV files to store transient data

Pre-populating a dropdown

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly