Solved: How to link both syslogs in splunk?

jliaw · ‎07-09-2018

Here is the case.
I have a syslogs that contain serial ID that represent different location. On the other hand, I have a excel sheets in csv. form that show the location name with respective serial ID.
While plotting the graph, I need the graph display the location instead of the serial ID.
May I know how to link both data together so that the graph plot is showing the location name?

renjith_nair · ‎07-09-2018

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

----Happy Splunking!

What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

jliaw · ‎07-11-2018

https://www.youtube.com/watch?v=42nWPmzbYCk
A useful video for a simple Vlookup in Splunk.

renjith_nair · ‎07-09-2018

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

----Happy Splunking!

What goes around comes around. If it helps, hit it with Karma 🙂

jliaw · ‎07-11-2018

Thanks for your answer renjith 🙂

How to link both syslogs in splunk?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!