Is it possible to add comments to lines in a CSV f...

mikesangray · ‎08-24-2015

Is it possible to add comments to lines in a csv file? I'd like to be able to #comment.

For example, csv list of IP ranges.
src
1.1.1.0/24 #comment
2.2.2.0/24 #comment

mikesangray · ‎08-25-2015

Okay, I've got it working now. Thanks.

mikesangray · ‎08-24-2015

For now this is just a single lookup file used by "|inputlookup file.csv" stored in /opt/splunk/etc/system/lookups.

I'm using the file to exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."

Soon I will transition it into a lookup table, indexed log file, or maybe even into a database and use db connect, but for now I'm still learning splunk and doing only newbie-style lookups.

jensonthottian · ‎08-24-2015

Use some thing like this for "exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."

your base search NOT [|inputlookup file.csv |table coloumnName]

This should do it.

somesoni2 · ‎08-24-2015

How is this CSV stored in Splunk?? Lookup table files OR it's indexed in some index??

tomaslo · ‎01-31-2018

Look at the answer here for a solution:
https://answers.splunk.com/answers/32704/lookup-tables-and-comments.html

Short:
Add a comment field and do not use that field in any reference.

jensonthottian · ‎08-24-2015

CSVs the way you mean them are treated in a different way than regular log files.
There are 2 basic kinds:

Use the oputputcsv or outputlookup commands to add comment to your CSV in Splunk web

Is it possible to add comments to lines in a CSV file?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk