Hello Splunkers,
Can you help me with the below case to build a Splunk search?
I have firewall data coming to index=firewall, so I need to filter based on results from my external lookup fields: IP, as well as matching domain name from the indexed data.
index=firewall | lookup url.csv | fields url | lookup domain.csv | fields domain | .. etc
any of the matching fields from indexed data.
Hi,
I assume you have common fields in the url lookup and the domain lookup.
Please try out the below and let us know.
index=firewall
| lookup url.csv url OUTPUT url,domain_index
| lookup domain.csv domain as domain_index OUTPUT domain
| table url,domain
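
An added example, not part of the original answer: one way to keep only the firewall events that match either list. It assumes the events carry fields named url and domain, and that each CSV has a column of the same name. url_hit, domain_hit and matched_list are hypothetical field names introduced here to flag which lookup matched.

```spl
index=firewall
| lookup url.csv url OUTPUT url AS url_hit
| lookup domain.csv domain OUTPUT domain AS domain_hit
| where isnotnull(url_hit) OR isnotnull(domain_hit)
| eval matched_list=case(isnotnull(url_hit) AND isnotnull(domain_hit), "url+domain", isnotnull(url_hit), "url", isnotnull(domain_hit), "domain")
| table _time url domain matched_list
```

CSV lookup matching is case-sensitive by default, so normalise case on both sides if the firewall logs mixed-case domains.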