Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Lookup- UnMatched Values

ashishlal82
Explorer
‎07-01-2016 02:19 PM

http://docs.splunk.com/Documentation/Splunk/6.4.1/Knowledge/ConfigureCSVlookups#Prefilter_large_CSV_...

I have configured my lookup as stated in the above documentation and I am getting the result except for non matched values. how can I get non matched.

Tags (4)
0 Karma
Reply

sundareshr
Legend
‎07-05-2016 01:43 PM

Try this

... | eval fieldname=coalesce(fieldname, "deny")
0 Karma
Reply

woodcock
Esteemed Legend
‎07-04-2016 12:26 PM

After the lookup do this:

... | filllnull value="NotMatched" MyLookupOutputField
0 Karma
Reply

ashishlal82
Explorer
‎07-05-2016 10:55 AM

Thanks. filllnull value="NotMatched" MyLookupOutputField This works for values that the splunk did not realize it from the source. My .csv has 2 values "allow" and "deny". Right now I am getting "allow" for the values that match based in my automatic lookup definition, I just want the unmatch or "deny" to be added to my field when theres no match. Would a case statement with if clause would work?

0 Karma
Reply

woodcock
Esteemed Legend
‎07-06-2016 06:29 AM

Like this:

... | filllnull value="deny" MyLookupOutputField
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...