Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I add src_asset_tag to my inventory?

rahul_acc_splun
New Member
‎12-01-2017 02:49 AM

I have a master asset list and I need to give them tagging so that when I type something like src_asset_tag=firewall I should get all source as firewall in logs.

0 Karma
Reply

nickhills
Ultra Champion
‎12-01-2017 07:35 AM

If i understand your question you want to map an asset tag (lets say ID0001) to a device. (I assume 'firewall' is your hostname)

Create a CSV file which maps your assets like so:

assettag,hostname
ID0001,firewall
ID0002,router01
ID0003,email-server

upload and add this file as a lookup file - assets.csv
Define a lookup table - AssetsLookup.

You can now use the Lookup to populate a form on a dashboard, and allow your users to select an asset ID.
The input will give you the hostname, so you can build a dashboard which searches

host=$asset.hostname$

If this is not enough detail - let me know and i'll try and come back with more detailed info when i am back at my desk

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...