Knowledge Management

Why don't I see match_type in Lookup Definition Advanced options

paulkrier
Engager

I'm running Splunk 6.5. I see Min Matches, Max Matches, and Default Matches. I would like to define a lookup table that uses CIDR ranges. Is this a permissions issue, a version issue, or a configuration issue? I've see screen shots that suggest their should be match_type field in advanced options. I don't have access to modify transforms.conf directly.

Thanks.

pk

Tags (1)
0 Karma

jagadeeshreddy2
Explorer

I am pretty sure they enabled CIDR (match_type) option in recent versions (7.0+ versions) of splunk. We cannot apply CIDR (match_type) in 6.5 version through UI in Advanced options.

0 Karma

paulkrier
Engager

So the only way to do this in versions prior to 7 is to manually edit that transform.conf file? Is a match_type of CIDR supported in 6.5 and just not available via the UI or is the feature absent altogether?

0 Karma

jagadeeshreddy2
Explorer

Typically yes!!! Editing the transforms.conf file is the only option.

0 Karma

paulkrier
Engager

Thanks so much for the info. At least I know where I stand. I have also found through a little experimenting in the UI that the match_type parameter is not preserved when I clone a definition where it is set. That seems like a bug to me...

0 Karma

somesoni2
Revered Legend

What role do you have (for the user you're logging in as)?

0 Karma

paulkrier
Engager

Power User

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...