Solved: Splunk Automatic Lookups and Capitlization

jmcclure · ‎04-04-2018

What is a work around for case sensitive automatic lookups? I am trying to build out an automatic lookup for users and the users are all different types of capitilization. I am doing a pull from ldap dropping it into a CSV and then having a custom Splunk command execute a python script that that duplicates every row with different user capitilization. BUT I still am having issues with one offs...

I know caculated fields could work BUT they are after lookups in searchtime calculations

starcher · ‎04-04-2018

See option for case_sensitive_match =

In the lookups stanza for transforms.conf
https://docs.splunk.com/Documentation/Splunk/7.0.3/Admin/Transformsconf

View solution in original post

starcher · ‎04-04-2018

See option for case_sensitive_match =

In the lookups stanza for transforms.conf
https://docs.splunk.com/Documentation/Splunk/7.0.3/Admin/Transformsconf

jmcclure · ‎04-04-2018

Will that work with CSV lookups or jsut KSV? I'm diong a pull from Active Directory, dropping it into a CSV file and then creating lookups

Splunk Automatic Lookups and Capitlization

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7