Sometimes it is useful to store small amounts of data outside of a Splunk index. Using the
outputcsv commands, we can store tabular data in CSV files on the filesystem.
If a dashboard contains a dynamic dropdown, you must use a search to populate the dropdown. As the amount of data increases, the query to populate the dropdown will run more and more slowly, even from a summary index. We can use a CSV file to store just the information needed, simply adding new values when they occur.
First, we build a query to generate the CSV file. This query should be run over as much data as possible:
source="impl_splunk_gen" | stats count by user | outputcsv user_list.csv
Next, we need ...