https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136486#M37344 <P>Hi,</P> <P>in my searches I want to filter my events when the field "Version" has specific values. The list of values I want to include in the searches will increase over time and would it be nice to have an ease way to handle this, instead of adjusting all searches everytime.</P> <P>Is it possible to use a lookuptable in the a search to achieve this? So that I will just have to adjust the lookuptable to define the filter for my needed "Versions".</P> <P>Thanks in advance </P> <P>Heinz</P> Mon, 11 Nov 2013 10:53:10 GMT HeinzWaescher 2013-11-11T10:53:10Z https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136486#M37344 <P>Hi,</P> <P>in my searches I want to filter my events when the field "Version" has specific values. The list of values I want to include in the searches will increase over time and would it be nice to have an ease way to handle this, instead of adjusting all searches everytime.</P> <P>Is it possible to use a lookuptable in the a search to achieve this? So that I will just have to adjust the lookuptable to define the filter for my needed "Versions".</P> <P>Thanks in advance </P> <P>Heinz</P> Mon, 11 Nov 2013 10:53:10 GMT https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136486#M37344 HeinzWaescher 2013-11-11T10:53:10Z https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136487#M37345 <P>You could use the inputlookup command to do this.</P> <P>So you might have a lookup file called versions.csv</P> <PRE><CODE>Version 1.0 2.0 3.0 </CODE></PRE> <P>And then you can use a search like :</P> <PRE><CODE>&lt;search terms&gt; [ | inputlookup &lt;your lookup&gt; ] index=foo sourcetype=goo [ | inputlookup versions | fields Version ] </CODE></PRE> Mon, 11 Nov 2013 11:19:17 GMT https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136487#M37345 Damien_Dallimor 2013-11-11T11:19:17Z https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136488#M37346 <P>Hi,</P> <P>thanks, that's a way I was looking for <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /> Will this kind of command filter exact matches of the fieldvalue? Or will the output include a Version 1.0.1 as well, when your example above is used?</P> Mon, 11 Nov 2013 11:50:19 GMT https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136488#M37346 HeinzWaescher 2013-11-11T11:50:19Z https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136489#M37347 <P>Exact matches. So your lookup file will need all the versions explictly entered.</P> Mon, 11 Nov 2013 11:52:28 GMT https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136489#M37347 Damien_Dallimor 2013-11-11T11:52:28Z https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136490#M37348 <P>Ok, that's nice. Thanks a lot for your help!</P> Mon, 11 Nov 2013 11:53:30 GMT https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136490#M37348 HeinzWaescher 2013-11-11T11:53:30Z https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136491#M37349 <P>Hi @Damien Dallimore [Splunk], </P> <P>I tried for similar outcome to search my query ; however no result is found. <BR /> Note: In my .csv file there is only one column and it looks like below: <BR /> Application<BR /> abc*<BR /> xyz*<BR /> aaa* n so on. </P> <P>Query is <BR /> index="index_name" [ | inputlookup "filename" | fields Application ] | table field1, field2</P> <P>Anything I am missing. Kindly help. </P> <P>Thanks &amp; Regards,<BR /> Binay Agarwal </P> Thu, 05 Jan 2017 10:51:27 GMT https://community.splunk.com/t5/Splunk-Search/Use-Lookup-To-Filter-Events/m-p/136491#M37349 bagarwal 2017-01-05T10:51:27Z