https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258198#M77350 <P>I tried to use regex on inputlookup csv file, but seems that although Splunk regex works fine on search but<BR /> it doesnt work on inputlookup tables. </P> <P>Is there anyway to add a python script that takes the input csv file and then gives me the parsed value from the regex to be piped for next processing ?</P> <P>i.e.</P> <P>| inputlookup data.csv python_regex_script.py | table regex_field</P> <P>Also as a general question, is it possible to add python script in a splunk search query ?</P> Tue, 29 Sep 2020 09:10:46 GMT smhsplunk 2020-09-29T09:10:46Z https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258198#M77350 <P>I tried to use regex on inputlookup csv file, but seems that although Splunk regex works fine on search but<BR /> it doesnt work on inputlookup tables. </P> <P>Is there anyway to add a python script that takes the input csv file and then gives me the parsed value from the regex to be piped for next processing ?</P> <P>i.e.</P> <P>| inputlookup data.csv python_regex_script.py | table regex_field</P> <P>Also as a general question, is it possible to add python script in a splunk search query ?</P> Tue, 29 Sep 2020 09:10:46 GMT https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258198#M77350 smhsplunk 2020-09-29T09:10:46Z https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258199#M77351 <P>Not sure what you intended to do, but if you had this lookup file:</P> <PRE><CODE>customer host service Customer1 ABC123431 Service1 Customer2 ABC123300 Service2 Customer3 ABC123321 Service3 </CODE></PRE> <P>And you are interested in what comes after the ABC in the host field, you can simply do this:</P> <PRE><CODE>| inputlookup file.csv | rex field=host "ABC(?&lt;host_id&gt;\d+)" | table customer host host_id service </CODE></PRE> <P>The rex command will extract any regular expression from any field you tell it to, no matter the source.</P> Thu, 24 Mar 2016 14:19:45 GMT https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258199#M77351 jeffland 2016-03-24T14:19:45Z https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258200#M77352 <P>One cannot use a regex with inputlookup directly. However, there are other options.</P> <P>If you're running 6.3.3, you may be able to use inputlookup's where argument to filter the lookup data<BR /> Pipe the lookup to <CODE>regex</CODE> as in <CODE>|inputlookup data.csv foo | regex "some regex string" | ...</CODE> <BR /> Create a custom command that reads and processes your CSV file. See the <CODE>script</CODE> command at <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Script">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Script</A> and "About writing custom search commands" at <A href="http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands">http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands</A>.</P> Thu, 24 Mar 2016 14:26:07 GMT https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258200#M77352 richgalloway 2016-03-24T14:26:07Z https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258201#M77353 <P>Thanks! I am going through the examples right now.<BR /> Will get back if I run into any issues.</P> Thu, 24 Mar 2016 17:14:27 GMT https://community.splunk.com/t5/Splunk-Search/regex-on-inputlookup-via-python-script/m-p/258201#M77353 smhsplunk 2016-03-24T17:14:27Z