Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine lookup file with splunk query, static data with live data

san112491
New Member
‎10-05-2022 12:49 PM

Static data with one common field app Name as splunk query.

Labels (4)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-06-2022 12:17 AM

Hi @san112491,

as @yuanliu said, you have to find the correlation key between main search and lookup: if the common fields have the same name you can use something like this:

<your_search>
| lookup your_lookup.csv common field

if instead the field name to correlate are different,  you can use:

<your_search>
| lookup your_lookup.csv lookup_field AS main_search_field

For more infos I hint to read at https://docs.splunk.com/Documentation/Splunk/9.0.1/SearchReference/Lookup

Ciao.

giuseppe

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎10-05-2022 03:23 PM

Not sure what the real question is.  Assuming your static data is in the lookup file, you just define a lookup with that file, then use lookup, e.g.,

| lookup mylookup common_field

All other fields in mylookup will be populated according to match.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...

Application management with Targeted Application Install for Victoria Experience

Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...