Solved: Re: How to link both syslogs in splunk?

jliaw · ‎07-09-2018

Here is the case.
I have a syslogs that contain serial ID that represent different location. On the other hand, I have a excel sheets in csv. form that show the location name with respective serial ID.
While plotting the graph, I need the graph display the location instead of the serial ID.
May I know how to link both data together so that the graph plot is showing the location name?

renjith_nair · ‎07-09-2018

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

jliaw · ‎07-11-2018

https://www.youtube.com/watch?v=42nWPmzbYCk
A useful video for a simple Vlookup in Splunk.

renjith_nair · ‎07-09-2018

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

---
What goes around comes around. If it helps, hit it with Karma 🙂

jliaw · ‎07-11-2018

Thanks for your answer renjith 🙂

How to link both syslogs in splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation