In a CSV lookup, is the first column always the input?

dxw350
Path Finder

In VLOOKUP for Excel, the input is always the first column on the left. In Splunk, is this required? I am having difficulty adding the CSV file with additional fields that I want to incorporate into my Splunk queries for results.

0 Karma

gcusello
SplunkTrust

Hi dxw350,
what do you mean by "the input is always the first column on the left"?
In Splunk you can load a CSV as a lookup or manually create a lookup using the Lookup Editor App; there isn't any order or key, and you can use every column as a key in your searches.
You only have to create a lookup (I suggest using the Lookup Editor App) and then use it.
See http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Addfieldsfromexternaldatasources for how to use lookups.
Bye.
Giuseppe

0 Karma

woodcock
Esteemed Legend

No, you specify the input field like this:

... | lookup YourLookupDefinition YourInputField OUTPUT Your Output Fields Here
0 Karma