Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to match strings that in a text .file with my logs that indexed?

szone
Engager
‎09-08-2021 11:08 PM

hi.

I have a txt file include many strings, and  many logs from my web server that indexed.

I want to find the logs that at least match with one of the string in txt file.

how to search and query for this goal?

thanks.

for example:

txt file:

mosConfig.absolute.path

and logs:

http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

and output:

http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

Labels (3)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-08-2021 11:57 PM

Put the text file into a lookup store e.g. csv and then use inputlookup to include it in the search of your index - start with something like this - you will need to expand on this with your real values

index=xyz [|inputlookup text.csv|format]

 

0 Karma
Reply

szone
Engager
‎09-11-2021 06:57 AM

thanks, but the lookup table should have at least two column. so I have one column!?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-11-2021 08:36 AM

If you are looking something up, then yes you would expect there to be at least two column, but if you are just doing inputlookup you can have just one column

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top