Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I setup a lookup table based off of sitecode?

jmartelon
New Member
‎02-08-2018 10:47 AM

We have 3 main site-codes in our environment and we are trying to implement a lookup table via Splunk. Here is what we have done so far. We created a Python script for asset discovery that we are running daily. Upon these results, we created a directory to where these results save at, and we created an index and a stanza to monitor these files daily.

The data we receive from the results of the scan we are trying to put into a lookup table for easier searching. Such as 

index=vuln_test source=asset_disc 3389_state=open AND cred_success=False 
| lookup site_code, corresponding IP, (and results of the scan)
Tags (3)
0 Karma
Reply

493669
Super Champion
‎02-08-2018 11:13 AM

once you have define your lookup then use |outputlookup command to store the results of scan.
try this:

index=vuln_test source=asset_disc 3389_state=open AND cred_success=False|table  site_code, corresponding IP, (and results of the scan)|outputlookup <lookupFileName>
0 Karma
Reply

jmartelon
New Member
‎02-09-2018 12:20 PM

This is good information, but I'm not entirely sure on how to get this to be able to search

0 Karma
Reply

493669
Super Champion
‎02-09-2018 05:32 PM

for creation of csv type lookup refer:
http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/Knowledge/Usefieldlookupstoaddinformationtoyo...
and how outputlookup works refer:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Outputlookup

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...