Re: How to match strings that in a text .file with...

szone · ‎09-08-2021

hi.

I have a txt file include many strings, and many logs from my web server that indexed.

I want to find the logs that at least match with one of the string in txt file.

how to search and query for this goal?

thanks.

for example:

txt file:

mosConfig.absolute.path

and logs:

http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

and output:

http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

ITWhisperer · ‎09-08-2021

Put the text file into a lookup store e.g. csv and then use inputlookup to include it in the search of your index - start with something like this - you will need to expand on this with your real values

index=xyz [|inputlookup text.csv|format]

szone · ‎09-11-2021

thanks, but the lookup table should have at least two column. so I have one column!?

ITWhisperer · ‎09-11-2021

If you are looking something up, then yes you would expect there to be at least two column, but if you are just doing inputlookup you can have just one column

How to match strings that in a text .file with my logs that indexed?

lookup

metadata

subsearch

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?