Solved: Re: How to add the field name via Command in a Loo...

joomla · ‎09-29-2022

Hi Community Support,

I have a lookup file with IP addresses where all the values are IP Addresses including the very first field and its keep changing.

Dummy Example:

192.168.10.10

192.168.10.11

192.168.10.12

Because the very first field value itself is an IP address so I want to add a field value into this lookup via Splunk search so that my lookup will show like below:

ip_address

192.168.10.10

192.168.10.11

192.168.10.12

Kindly suggest how to achieve these results. Many Thanks.

andrew_nelson · ‎09-29-2022

I have to agree with Rich, the Lookup Editor is definitely the simplest way to do it.
The second best way would be to download the lookup, make your change in a text editor/spreadsheet editor and re-upload.

View solution in original post

richgalloway · ‎09-29-2022

IMO, the best option is to use the Lookup File Editor app to modify the file.

If that's not possible, try this untested query.

| makeresults 
| eval ip_address="ip_address"
| inputlookup mylookupfile.csv append=true
| rename 192* as ip_address
| outputlookup mynewlookupfile.csv

Note the use of two different CSV file names in case the results are not as expected.

---
If this reply helps you, Karma would be appreciated.

andrew_nelson · ‎09-29-2022

You want to have the column title as a value in the lookup ?

joomla · ‎09-29-2022

Yes after change the current column title will be the value and new coloum title will be ip_address.

andrew_nelson · ‎09-29-2022

I have to agree with Rich, the Lookup Editor is definitely the simplest way to do it.
The second best way would be to download the lookup, make your change in a text editor/spreadsheet editor and re-upload.

How to add the field name via command in a lookup file?

other

Your Guide to SPL2 at .conf24!

Get ready to show some Splunk Certification swagger at .conf24!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...