Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Search two fields in one csv lookup

ocampocliff1
Engager
‎03-21-2017 09:18 PM

I want to use fields two fields that i have inside the lookup,

Inside my lookup i have "account" and "date"

basically i want to do is to search the account with the date which is greater than today.

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎03-22-2017 12:40 PM

alt text

alt text

Preview file
53 KB
Preview file
62 KB
0 Karma
Reply

adonio
Ultra Champion
‎03-22-2017 11:26 AM

Hello ocampocliff1,
here is the csv i created:
alt text

if the date format is different on your end, you will have to change the time format in the eval statements. you can find the formats here: https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

using this search: 

| inputlookup accounts.csv 
 | eval new_time = strptime(date, "%m/%d/%Y") 
 | eval c_time=strftime(new_time,"%m/%d/%y %H:%M:%S") 
 | eval now = now() 
 | where new_time > now 
 | table account, c_time

i got this:

alt text

you can play with the | where clause as you please to find accounts on a time frame

Hope it helps

Preview file
53 KB
Preview file
62 KB
Reply

adonio
Ultra Champion
‎03-22-2017 12:40 PM

couldn't edit the answer to show screenshots. they are in the answer below

0 Karma
Reply

ocampocliff1
Engager
‎03-22-2017 05:54 PM

Hi adonio,

Thanks for this one!

I'm using this concept now. 🙂

0 Karma
Reply

adonio
Ultra Champion
‎03-23-2017 05:40 AM

you are welcome!
if that answers, can you mark as "answered"?
thanks!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...