Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to link both syslogs in splunk?

jliaw
Explorer
‎07-09-2018 08:57 PM

Here is the case.
I have a syslogs that contain serial ID that represent different location. On the other hand, I have a excel sheets in csv. form that show the location name with respective serial ID.
While plotting the graph, I need the graph display the location instead of the serial ID.
May I know how to link both data together so that the graph plot is showing the location name?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎07-09-2018 10:10 PM

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

Happy Splunking!

View solution in original post

Reply
Solved! Jump to solution

jliaw
Explorer
‎07-11-2018 01:25 AM

https://www.youtube.com/watch?v=42nWPmzbYCk
A useful video for a simple Vlookup in Splunk.

Reply
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎07-09-2018 10:10 PM

Hi @jliaw ,

You could use lookup in splunk for that - http://docs.splunk.com/Documentation/Splunk/7.1.1/Knowledge/ConfigureCSVlookups

Once you have the lookup configured, you could use it as mentioned in the example : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Lookup#Basic_example

Happy Splunking!
Reply
Solved! Jump to solution

jliaw
Explorer
‎07-11-2018 01:28 AM

Thanks for your answer renjith 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...