How to match strings that in a text .file with my ...

szone · ‎09-08-2021

hi.

I have a txt file include many strings, and many logs from my web server that indexed.

I want to find the logs that at least match with one of the string in txt file.

how to search and query for this goal?

thanks.

for example:

txt file:

mosConfig.absolute.path

and logs:

http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

and output:

http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

ITWhisperer · ‎09-08-2021

Put the text file into a lookup store e.g. csv and then use inputlookup to include it in the search of your index - start with something like this - you will need to expand on this with your real values

index=xyz [|inputlookup text.csv|format]

szone · ‎09-11-2021

thanks, but the lookup table should have at least two column. so I have one column!?

ITWhisperer · ‎09-11-2021

If you are looking something up, then yes you would expect there to be at least two column, but if you are just doing inputlookup you can have just one column

How to match strings that in a text .file with my logs that indexed?

lookup

metadata

subsearch

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Are you a member of the Splunk Community?