Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I add src_asset_tag to my inventory?

rahul_acc_splun
New Member
‎12-01-2017 02:49 AM

I have a master asset list and I need to give them tagging so that when I type something like src_asset_tag=firewall I should get all source as firewall in logs.

0 Karma
Reply

nickhills
Ultra Champion
‎12-01-2017 07:35 AM

If i understand your question you want to map an asset tag (lets say ID0001) to a device. (I assume 'firewall' is your hostname)

Create a CSV file which maps your assets like so:

assettag,hostname
ID0001,firewall
ID0002,router01
ID0003,email-server

upload and add this file as a lookup file - assets.csv
Define a lookup table - AssetsLookup.

You can now use the Lookup to populate a form on a dashboard, and allow your users to select an asset ID.
The input will give you the hostname, so you can build a dashboard which searches

host=$asset.hostname$

If this is not enough detail - let me know and i'll try and come back with more detailed info when i am back at my desk

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...