Lookup file data in a search string

rashi83 · ‎02-25-2020

Hi ,

I have following search string , where Username field is extracted using rex command . Now I want to use a lookup file which has field "user" which matches the extracted "Username" field . How can I use lookup commands to match this and get more interested fileds like Office in the search string
index="x"
| rex field=_raw "(?:Users%5C)(?(.*))(?:%5C(local|input))"

vnravikumar · ‎02-25-2020

Hi

Try like

...your query |lookup <<lookupname>> user AS Username OUTPUT Office

Lookup file data in a search string

Re: Lookup file data in a search string

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Lookup file data in a search string

Re: Lookup file data in a search string

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our Career Survey Now!

Share your experience in our
Career Survey Now!