Solved: How to link both syslogs in splunk?

jliaw · ‎07-09-2018

Here is the case.
I have a syslogs that contain serial ID that represent different location. On the other hand, I have a excel sheets in csv. form that show the location name with respective serial ID.
While plotting the graph, I need the graph display the location instead of the serial ID.
May I know how to link both data together so that the graph plot is showing the location name?

renjith_nair · ‎07-09-2018

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

jliaw · ‎07-11-2018

https://www.youtube.com/watch?v=42nWPmzbYCk
A useful video for a simple Vlookup in Splunk.

renjith_nair · ‎07-09-2018

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

---
What goes around comes around. If it helps, hit it with Karma 🙂

jliaw · ‎07-11-2018

Thanks for your answer renjith 🙂

How to link both syslogs in splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation