How can I add src_asset_tag to my inventory?

rahul_acc_splun · ‎12-01-2017

I have a master asset list and I need to give them tagging so that when I type something like src_asset_tag=firewall I should get all source as firewall in logs.

nickhills · ‎12-01-2017

If i understand your question you want to map an asset tag (lets say ID0001) to a device. (I assume 'firewall' is your hostname)

Create a CSV file which maps your assets like so:

assettag,hostname
ID0001,firewall
ID0002,router01
ID0003,email-server

upload and add this file as a lookup file - assets.csv
Define a lookup table - AssetsLookup.

You can now use the Lookup to populate a form on a dashboard, and allow your users to select an asset ID.
The input will give you the hostname, so you can build a dashboard which searches

host=$asset.hostname$

If this is not enough detail - let me know and i'll try and come back with more detailed info when i am back at my desk

If my comment helps, please give it a thumbs up!

How can I add src_asset_tag to my inventory?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

How can I add src_asset_tag to my inventory?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future