Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show customized data in output?

avd
New Member
‎05-12-2023 06:27 PM

Hi, I've recently started using Splunk logs. I have a query to fetch client IDs who call my APIs. These client IDs are some UUIDs. I would rather like to see a customized name for these IDs. 

For example, I can save the mapping of the client ID and its easy-to-read client name in a CSV or somewhere and want my Splunk query to show the client name.

Is this possible? Could someone help how to do it?

Labels (1)
Labels
0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎05-12-2023 10:18 PM

There is more than one way to do it. Since you mentioned csv already, let's use that. I'm going to assume it has two columns, uuid and client_id.

You need your csv in Splunk for this of course - so either upload it or create it in Splunk if you haven't done so already. Next, I'd suggest you create a lookup definition for your csv file. Then, you'd use your lookup like this:

index=this <your search finding UUIDs>
| lookup your_lookup_definition uuid OUTPUT client_id
| table _time client_id src_ip method (or whatever other fields you want)

If this is something you always want for this type of data, you might want to consider an automatic lookup. That would make splunk implicitly run that | lookup command for all searches against e.g. this sourcetype, so you wouldn't need to have it in every SPL explicitly.

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...