Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to add comments to lines in a CSV file?

mikesangray
Path Finder
‎08-24-2015 09:42 AM

Is it possible to add comments to lines in a csv file? I'd like to be able to #comment.

For example, csv list of IP ranges.
src
1.1.1.0/24 #comment
2.2.2.0/24 #comment

Tags (2)
0 Karma
Reply

mikesangray
Path Finder
‎08-25-2015 01:36 PM

Okay, I've got it working now. Thanks.

0 Karma
Reply

mikesangray
Path Finder
‎08-24-2015 11:38 AM

For now this is just a single lookup file used by "|inputlookup file.csv" stored in /opt/splunk/etc/system/lookups.

I'm using the file to exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."

Soon I will transition it into a lookup table, indexed log file, or maybe even into a database and use db connect, but for now I'm still learning splunk and doing only newbie-style lookups.

0 Karma
Reply

jensonthottian
Contributor
‎08-24-2015 11:56 AM

Use some thing like this for "exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."

your base search NOT [|inputlookup file.csv |table coloumnName]

This should do it.

0 Karma
Reply

somesoni2
Revered Legend
‎08-24-2015 10:04 AM

How is this CSV stored in Splunk?? Lookup table files OR it's indexed in some index??

0 Karma
Reply

tomaslo
Engager
‎01-31-2018 11:58 AM

Look at the answer here for a solution:
https://answers.splunk.com/answers/32704/lookup-tables-and-comments.html

Short:
Add a comment field and do not use that field in any reference.

0 Karma
Reply

jensonthottian
Contributor
‎08-24-2015 10:04 AM

CSVs the way you mean them are treated in a different way than regular log files.
There are 2 basic kinds:

"just CSVs", which are only accessed via "| inputcsv" and "| outputcsv"
lookup CSVs, which are accessed with commands "| lookup", "| inputlookup" and "| outputlookup"

Use the oputputcsv or outputlookup commands to add comment to your CSV in Splunk web

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...