Knowledge Management

Why don't I see match_type in Lookup Definition Advanced options

paulkrier
Engager

I'm running Splunk 6.5. I see Min Matches, Max Matches, and Default Matches. I would like to define a lookup table that uses CIDR ranges. Is this a permissions issue, a version issue, or a configuration issue? I've see screen shots that suggest their should be match_type field in advanced options. I don't have access to modify transforms.conf directly.

Thanks.

pk

Tags (1)
0 Karma

jagadeeshreddy2
Explorer

I am pretty sure they enabled CIDR (match_type) option in recent versions (7.0+ versions) of splunk. We cannot apply CIDR (match_type) in 6.5 version through UI in Advanced options.

0 Karma

paulkrier
Engager

So the only way to do this in versions prior to 7 is to manually edit that transform.conf file? Is a match_type of CIDR supported in 6.5 and just not available via the UI or is the feature absent altogether?

0 Karma

jagadeeshreddy2
Explorer

Typically yes!!! Editing the transforms.conf file is the only option.

0 Karma

paulkrier
Engager

Thanks so much for the info. At least I know where I stand. I have also found through a little experimenting in the UI that the match_type parameter is not preserved when I clone a definition where it is set. That seems like a bug to me...

0 Karma

somesoni2
Revered Legend

What role do you have (for the user you're logging in as)?

0 Karma

paulkrier
Engager

Power User

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...