Splunk Search

How do you compare a field in a search table with a lookup table field?

kdelvillar
Engager

I have a search that produces a table that contains a field called "http_referer", and I want to compare this field against a field called "TargetURL" that's in my inputlookup redirect-url.csv result. If there's a match I would like it to display all the matches.

Tags (1)
0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust

@kdelvillar

Have you tried lookup command? I'm not able to understand all the matches with!!!??

Can you please try below search?

YOUR_TABLE_SEARCH | lookup redirect-url.csv TargetURL as http_referer OUTPUTNEW TargetURL as myTargetURL | where isnotnull(myTargetURL)

https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Lookup

View solution in original post

kamlesh_vaghela
SplunkTrust
SplunkTrust

@kdelvillar

Have you tried lookup command? I'm not able to understand all the matches with!!!??

Can you please try below search?

YOUR_TABLE_SEARCH | lookup redirect-url.csv TargetURL as http_referer OUTPUTNEW TargetURL as myTargetURL | where isnotnull(myTargetURL)

https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Lookup

kdelvillar
Engager

This worked thank you!

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@kdelvillar

Glad to help you. Can you please accept the answer and upvote comment to help the community?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...