Solved: Re: How to link both syslogs in splunk? - Splunk Community

Splunk Enterprise

Here is the case.
I have a syslogs that contain serial ID that represent different location. On the other hand, I have a excel sheets in csv. form that show the location name with respective serial ID.
While plotting the graph, I need the graph display the location instead of the serial ID.
May I know how to link both data together so that the graph plot is showing the location name?

1 Solution

Solution

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

https://www.youtube.com/watch?v=42nWPmzbYCk
A useful video for a simple Vlookup in Splunk.

Solution

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

---
What goes around comes around. If it helps, hit it with Karma 🙂

Thanks for your answer renjith 🙂

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with another ...