Getting Data In

How to add a CSV lookup table - Splunk Light Free eval

L479
Engager

How can a CSV based lookup table be added to Splunk Light Free; and are lookup tables supported in Splunk Light Free?

We've 30+ ones to add and would like a faster way such as the web interface instead of configuration file editing.

0 Karma

jphohloch
Engager
0 Karma

inventsekar
Super Champion

http://docs.splunk.com/Documentation/SplunkLight/6.4.2/References/Listofsearchcommands
there is no lookup command on the list of available commands on Splunk Light.

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
0 Karma

waechtler
Path Finder

Maybe, but it works

0 Karma

inventsekar
Super Champion

oh ok.. thanks.

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
0 Karma

waechtler
Path Finder

splunk light does support lookups, you just have to configure them manually:

in ~etc/apps/search/lookups add your .csv file:
mylookup.csv

in ~etc/apps/search/local/transforms.conf:

[mylookup]
filename = mylookup.csv

It will also work if placed in app specific directories

0 Karma

sophy
Splunk Employee
Splunk Employee

The current version of Splunk Light does not support lookup tables.

yschiff
New Member

Does Splunk Light still not support lookup tables? I'm looking to use an external source to correlate the IP addresses from my firewall logs to the DNS names of the matching computers. Is there another way to do this in Light?

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...