https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259856#M49869 <P>The <CODE>inputlookup</CODE> command is no different than using <CODE>index=myindex sourcetype=mysourcetype</CODE>; you have all the same filtering options with additional pipelines of commands. The only difference is that you must do a <CODE>| search</CODE> first. So you can do something like this:</P> <PRE><CODE>| inputlookup | search NOT name="adm*" </CODE></PRE> Wed, 25 Jan 2017 16:31:57 GMT woodcock 2017-01-25T16:31:57Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259855#M49868 <P>Hi,</P> <P>I have a csv file, generated each day from a Powershell script under the Splunk app lookups directory.<BR /> I use the info in those records with the <CODE>| inputlookup</CODE> command in many other searches. The columns are name, surname and domain of the internal company network.</P> <P>Is there a way to filter (in search time) only some of those records present in the .csv file (maybe in a wildcard fashion - for example: eliminate those which name start with adm*)?</P> <P>Thanks for any suggestion,<BR /> Skender</P> Wed, 25 Jan 2017 16:17:47 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259855#M49868 skender27 2017-01-25T16:17:47Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259856#M49869 <P>The <CODE>inputlookup</CODE> command is no different than using <CODE>index=myindex sourcetype=mysourcetype</CODE>; you have all the same filtering options with additional pipelines of commands. The only difference is that you must do a <CODE>| search</CODE> first. So you can do something like this:</P> <PRE><CODE>| inputlookup | search NOT name="adm*" </CODE></PRE> Wed, 25 Jan 2017 16:31:57 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259856#M49869 woodcock 2017-01-25T16:31:57Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259857#M49870 <P>If I understand your request, is this sort of what you're looking for?</P> <PRE><CODE>|inputlookup testlookup1 | search NOT user=adm* </CODE></PRE> <P>or for just the user field</P> <PRE><CODE>|inputlookup testlookup1 | fields + user | search NOT user=adm* </CODE></PRE> <P>(whatever your field is)</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/2384i8FA0955F8CD8C514/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/2385iD6DC7367F1E4A4D9/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Wed, 25 Jan 2017 16:32:44 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-filter-data-in-search-time-from-a-generated-csv-file/m-p/259857#M49870 adayton20 2017-01-25T16:32:44Z