Solved: How to read a number, then convert to correspondin...

bryceweb22 · ‎06-25-2019

I am trying to extract a module/level ID from my logs and have splunk take that ID and match it to the corresponding name from a csv file and put that into a stats table, please help.

Thanks!

sandeepmakkena · ‎06-25-2019

YourSearch | rex field=_raw max_match=0 "level ID":\"(?< ID>\d+)\""
| lookup file.csv level ID as ID OUTPUT corresponding_name
| table corresponding_name count

Save your .csv to lookup folder

file.csv

ID corresponding_name
1 A
2 B

This should work.

View solution in original post

sandeepmakkena · ‎06-25-2019

YourSearch | rex field=_raw max_match=0 "level ID":\"(?< ID>\d+)\""
| lookup file.csv level ID as ID OUTPUT corresponding_name
| table corresponding_name count

Save your .csv to lookup folder

file.csv

ID corresponding_name
1 A
2 B

This should work.

starcher · ‎06-25-2019

https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutlookupsandfieldactions

You want to make and use a lookup

How to read a number, then convert to corresponding string and stats table?

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

Getting Started with Splunk Artificial Intelligence, Insights for Nonprofits, and ...

Are you a member of the Splunk Community?

How to read a number, then convert to corresponding string and stats table?

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

Getting Started with Splunk Artificial Intelligence, Insights for Nonprofits, and ...