Splunk Search

Is there a way to apply lookup table in a real time search?

jadengoho
Builder

Hi all,
I just want to ask if there is a way that I can apply a lookup table in a real-time search?
I have this column that contains all the Ip address generated by servers, and in the lookup table are the names of specific ip addresses.
This will be easy in a timely/relative search but in my situation, the codes are running in real-time, is there a way that I can do it?
Thanks in advance.

0 Karma
1 Solution

HiroshiSatoh
Champion

It is available in the manual. Why did you think you could not do it?

Real-time searches can take advantage of all search functionality, including advanced functionality like lookups, transactions, and so on. There are also search commands that are to be used specifically in conjunction with real-time searches, such as streamstats and rtorder.

https://docs.splunk.com/Documentation/Splunk/7.1.0/Search/Aboutrealtimesearches

View solution in original post

0 Karma

HiroshiSatoh
Champion

It is available in the manual. Why did you think you could not do it?

Real-time searches can take advantage of all search functionality, including advanced functionality like lookups, transactions, and so on. There are also search commands that are to be used specifically in conjunction with real-time searches, such as streamstats and rtorder.

https://docs.splunk.com/Documentation/Splunk/7.1.0/Search/Aboutrealtimesearches

0 Karma

jadengoho
Builder

This is what im looking for , Thank you.

0 Karma

lloydknight
Builder
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...