Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Importing error code reasons from URL to Splunk query

NizanCohen
Explorer
‎11-09-2022 07:02 AM

Hi all.

My company is working with GlobalScope and I wish to enter their error code description to Splunk.

As of right now, I only get the error number and I need to go to their website and check what is each code. I was wondering if I can import the data from the website into my Splunk and include it on my queries.

Here's the url: https://kb.globalscape.com/Knowledgebase/10142/FTP-Status-and-Error-Codes

Labels (1)
Labels
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎11-09-2022 11:58 PM

Absolutely.  Just put the table into a CSV file, e.g., like

CodeDescriptionDiscussion
100 requested action was initiated; expect another reply before proceeding with a new command.
110Restart markerreply. The text is exact and not left to the particular implementation; it must read "MARK yyyy = mmmm" where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120Service readynn minutes. (Informational)
125Data Connectionalready open; transfer starting. (Informational)
150File statusokay; about to open data connection. FTP uses two ports: 21 for sending commands, and 20 for sending data. A status code of 150 indicates that the server is about to open a new connection on port 20 to send some data.

Set up the CSV as lookup. (See Define a CSV lookup in Splunk Web.)  Then, suppose your data search returns a field named ftp_return_code.  In your search, add a lookup command

 

| lookup mylookup Code as ftp_return_code OUTPUT Description as ftp_return_description, Discussion as ftp_return_discussion

 

 

Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...