Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is it possible to add comments to lines in a CSV file?

mikesangray
Path Finder
‎08-24-2015 09:42 AM

Is it possible to add comments to lines in a csv file? I'd like to be able to #comment.

For example, csv list of IP ranges.
src
1.1.1.0/24 #comment
2.2.2.0/24 #comment

Tags (2)
0 Karma
Reply

mikesangray
Path Finder
‎08-25-2015 01:36 PM

Okay, I've got it working now. Thanks.

0 Karma
Reply

mikesangray
Path Finder
‎08-24-2015 11:38 AM

For now this is just a single lookup file used by "|inputlookup file.csv" stored in /opt/splunk/etc/system/lookups.

I'm using the file to exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."

Soon I will transition it into a lookup table, indexed log file, or maybe even into a database and use db connect, but for now I'm still learning splunk and doing only newbie-style lookups.

0 Karma
Reply

jensonthottian
Contributor
‎08-24-2015 11:56 AM

Use some thing like this for "exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."

your base search NOT [|inputlookup file.csv |table coloumnName]

This should do it.

0 Karma
Reply

somesoni2
Revered Legend
‎08-24-2015 10:04 AM

How is this CSV stored in Splunk?? Lookup table files OR it's indexed in some index??

0 Karma
Reply

tomaslo
Engager
‎01-31-2018 11:58 AM

Look at the answer here for a solution:
https://answers.splunk.com/answers/32704/lookup-tables-and-comments.html

Short:
Add a comment field and do not use that field in any reference.

0 Karma
Reply

jensonthottian
Contributor
‎08-24-2015 10:04 AM

CSVs the way you mean them are treated in a different way than regular log files.
There are 2 basic kinds:

"just CSVs", which are only accessed via "| inputcsv" and "| outputcsv"
lookup CSVs, which are accessed with commands "| lookup", "| inputlookup" and "| outputlookup"

Use the oputputcsv or outputlookup commands to add comment to your CSV in Splunk web

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...