Solved: How do I use inputlookup to search a list of domai...

digital_alchemy · ‎10-30-2013

I have a .csv list of domains I would like to search and I've uploaded it as a lookup table file.

The table is formated with a header of domain as:

test_domains
msn.com
google.com
yahoo.com

My searchs are:

*[|inputlookup test_domains.csv]
*[|inputlookup test_domains.csv | rename test_domains as domain | fields + domain]

The search completes with 0 results even though if I search for the domains indivdually there is definite activity to those test domains.

I'm can't figure out why i'm not gettting results when using inputlookup.

Any ideas or pointers?

Thanks

digital_alchemy · ‎10-30-2013

Ok... I figured it out.

Our Splunk config doesn't contain an extraction for the field "domain" so I had to rename the domain field to field we use for domains.

View solution in original post

digital_alchemy · ‎10-30-2013

Ok... I figured it out.

Our Splunk config doesn't contain an extraction for the field "domain" so I had to rename the domain field to field we use for domains.

How do I use inputlookup to search a list of domains?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

How do I use inputlookup to search a list of domains?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events