https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16433#M1973 <P>I'm not "100%" sure what you mean by flat tables, but it sounds like what you are looking for is splunk's lookup mechanism, which is new in Splunk 4.x.</P> <P>You have two different options for lookups:</P> <UL> <LI>Simple flat file (*.csv)</LI> <LI>Scripted lookups (you write a small python script which does the heavy-lifting; which lets you do whatever kind of lookup you'd need, like a SQL query, internet lookup, or whatever else you need.)</LI> </UL> <P>Docs:</P> <UL> <LI><A href="http://www.splunk.com/base/Documentation/latest/Knowledge/Addfieldsfromexternaldatasource" rel="nofollow">Look up fields from external data sources</A></LI> </UL> Tue, 29 Jun 2010 23:50:00 GMT Lowell 2010-06-29T23:50:00Z https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16432#M1972 <P>Hello all,</P> <P>I'm on the fish for ideas or anybody who has previous experience with this.</P> <P>Essentially, we have two tables of (mostly) fixed data which we would like to 'teach' Splunk (for want of a better term).</P> <P>To put it in context we have throughput files that report a transaction ID and a transaction time, Splunk grabs these fields no problem. Elsewhere in some flat tables we have transaction names (that relate to an ID) and a time threshold for each transaction time.</P> <P>Is there anyway we can bring this data into the mix? If Splunk can know about the average for each transactions, and compare to the actual times (our main concern) and if it could line up the arbitrary transactions ID's with the meaningful names it would make analysis of the logs inifnitely more useful.</P> <P>I'm a bit of a Splunk noob (actually, a lot of one) so sorry if there is precedent for this or some glaringly obvious answer. Really just looking for any sort of starting point.</P> <P>Thanks in advance for any advice you can give. I can elaborate further if need be.</P> Tue, 29 Jun 2010 22:35:34 GMT https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16432#M1972 srw46 2010-06-29T22:35:34Z https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16433#M1973 <P>I'm not "100%" sure what you mean by flat tables, but it sounds like what you are looking for is splunk's lookup mechanism, which is new in Splunk 4.x.</P> <P>You have two different options for lookups:</P> <UL> <LI>Simple flat file (*.csv)</LI> <LI>Scripted lookups (you write a small python script which does the heavy-lifting; which lets you do whatever kind of lookup you'd need, like a SQL query, internet lookup, or whatever else you need.)</LI> </UL> <P>Docs:</P> <UL> <LI><A href="http://www.splunk.com/base/Documentation/latest/Knowledge/Addfieldsfromexternaldatasource" rel="nofollow">Look up fields from external data sources</A></LI> </UL> Tue, 29 Jun 2010 23:50:00 GMT https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16433#M1973 Lowell 2010-06-29T23:50:00Z https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16434#M1974 <P>Thank you Lowell, this is indeed what we were looking for!</P> Mon, 05 Jul 2010 16:03:53 GMT https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16434#M1974 srw46 2010-07-05T16:03:53Z https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16435#M1975 <P>Great. If this answers your question, you can indicate so by click the check mark on the side.</P> Tue, 06 Jul 2010 01:46:52 GMT https://community.splunk.com/t5/Getting-Data-In/Integrating-a-series-of-flat-values-into-Splunk/m-p/16435#M1975 Lowell 2010-07-06T01:46:52Z