Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine lookup file with splunk query, static data with live data

san112491
New Member
‎10-05-2022 12:49 PM

Static data with one common field app Name as splunk query.

Labels (4)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-06-2022 12:17 AM

Hi @san112491,

as @yuanliu said, you have to find the correlation key between main search and lookup: if the common fields have the same name you can use something like this:

<your_search>
| lookup your_lookup.csv common field

if instead the field name to correlate are different,  you can use:

<your_search>
| lookup your_lookup.csv lookup_field AS main_search_field

For more infos I hint to read at https://docs.splunk.com/Documentation/Splunk/9.0.1/SearchReference/Lookup

Ciao.

giuseppe

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎10-05-2022 03:23 PM

Not sure what the real question is.  Assuming your static data is in the lookup file, you just define a lookup with that file, then use lookup, e.g.,

| lookup mylookup common_field

All other fields in mylookup will be populated according to match.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...