All Apps and Add-ons
Highlighted

How to do a bulk phone number search and return corresponding required field

New Member

Hi Splunkers,

Please help me,

I have a search as below:

| inputlookup bbextract.csv
| search bbfnn=xxxxxxxxx
| fields bbkenan

bbfnn= phone number
bbnbnfnn= nbn phone number
bbkenan= account number

My problem is bbfnn field can also be bbnbnfnn and I would like to to a bulk search.
So example I would enter example x10 phone numbers amd would like it to return the corresponding account numbers.

Is anyone able to assist?

Tags (2)
0 Karma
Highlighted

Re: How to do a bulk phone number search and return corresponding required field

Contributor

I think you just need to use OR.

...
| search bbfnn=xxxxx OR bbnbnfnn=xxxxx OR bbkenan=xxxxx 

If your data is actually in a lookup, inputlookup does support filters, which will be more efficient that piping through search.

https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Inputlookup

If your data is NOT in a lookup, then a query that contains the bare word can help your query efficiency, as well.

index=foo (xxxxx AND ( bbfnn=xxxxx OR bbnbnfnn=xxxxx OR bbkenan=xxxxx ) )
0 Karma
Highlighted

Re: How to do a bulk phone number search and return corresponding required field

New Member

Hi Vbumgarner,

Appreciate your solution.

Is there a way I can combine the x2 fields bbfnn and bbnbnfnn into one column?

Your method works but what if I need to enter a large amount of numbers to search?

My end goal is to create a dashboard where I can past x numbers (100+) and run the search.

Currently, I have a dash board where I am able to execute this but restricted to only being able to search the field bbfnn.

0 Karma
Highlighted

Re: How to do a bulk phone number search and return corresponding required field

Esteemed Legend

Forget about your attempts to implement a solution. Show us your sample events, show us your desired text input, and show us a mockup of your desired result. Then describe the logic that goes with it.

0 Karma