search lookup table for value

hartfoml — Fri, 14 Jun 2013 18:52:10 GMT

so I can grep the look-up table to find an entry

I can see the contents of the look-up table by doing this
| inputlookup Domains.csv

I want to find a specific entry in the look-up table but I cant seem to find the right syntax

I tried this | inputlookup Domains.csv | search google.com

and this search "google.com" [| inputlookup Domains.csv ]

Re: search lookup table for value

Gilberto_Castil — Fri, 14 Jun 2013 19:37:34 GMT

You will have to use the meta data (field) in your search condition. Using a free form search where the job is to find a text string in the raw data will not work. There is no _raw data.

For instance, assume that your CSV contains very important domains like so:

domain
google.com
splunk.com
theoatmeal.com

When you run the search, you get the following results

| inputlookup Domains.csv

If you use the metafield obtained, then you can isolate the most important domain.

| inputlookup Domains.csv | search domain="theoatmeal.com"

Then you can enjoy the most important site on the Web.

topic search lookup table for value in Splunk Search

search lookup table for value

Re: search lookup table for value