Security

Splunk Automatic Lookups and Capitlization

jmcclure
Explorer

What is a work around for case sensitive automatic lookups? I am trying to build out an automatic lookup for users and the users are all different types of capitilization. I am doing a pull from ldap dropping it into a CSV and then having a custom Splunk command execute a python script that that duplicates every row with different user capitilization. BUT I still am having issues with one offs...

I know caculated fields could work BUT they are after lookups in searchtime calculations

Tags (1)
0 Karma
1 Solution

starcher
SplunkTrust
SplunkTrust

See option for case_sensitive_match =

In the lookups stanza for transforms.conf
https://docs.splunk.com/Documentation/Splunk/7.0.3/Admin/Transformsconf

View solution in original post

starcher
SplunkTrust
SplunkTrust

See option for case_sensitive_match =

In the lookups stanza for transforms.conf
https://docs.splunk.com/Documentation/Splunk/7.0.3/Admin/Transformsconf

View solution in original post

jmcclure
Explorer

Will that work with CSV lookups or jsut KSV? I'm diong a pull from Active Directory, dropping it into a CSV file and then creating lookups

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!