Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to report based on different lookup tables

pstamati
Path Finder
‎01-03-2018 09:23 AM

Hello!

I have been looking for a way to report or dashboard based on this scenario. I have 3 different lookup tables:
Table 1: Key field IP Address, with field 2, field 3, field 4, etc.
Table 2: Key field IP Address, with field 5, field 6, field 7 etc.
Table 3: Key field IP Address, with field 8, field 9 and field 10.

How can I report/dashboard to show something like:

IP address, field 2, field3, field 4, field5, field6, ....field 10?

Thanks in advance for any assistance you can provide as I have been unsuccessfully trying this for quite so long. These tables are been automatically generated by Splunk grabbing data from different sources so I would avoid the manual process of just manually downloading this and consolidate it 🙂

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎01-03-2018 09:27 AM

You can do like this

| inputlookup YourLookupTable1.csv  | table IP_ADDRESS field2 field3 field4 
| lookup YourLookupTable2.csv IP_ADDRESS OUTPUT field5 field6 field7
| lookup YourLookupTable3.csv IP_ADDRESS OUTPUT field8 field9 field10

View solution in original post

0 Karma
Reply
Solved! Jump to solution

pstamati
Path Finder
‎01-03-2018 10:07 AM

I found it...sorry, I needed to use AS to match IP Address from Table 1 and Table 2.
Many thanks!!

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎01-03-2018 09:27 AM

You can do like this

| inputlookup YourLookupTable1.csv  | table IP_ADDRESS field2 field3 field4 
| lookup YourLookupTable2.csv IP_ADDRESS OUTPUT field5 field6 field7
| lookup YourLookupTable3.csv IP_ADDRESS OUTPUT field8 field9 field10
0 Karma
Reply
Solved! Jump to solution

pstamati
Path Finder
‎01-03-2018 10:04 AM

Thanks for your reply. I was just trying what you've suggested. So for a particular IP address, I want to list all the fields in the 3 different lookups I have. Is there any match or Join I need to do to get that?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...