Solved: To include 80+ applications in SPL

rajatsinghbagga · ‎08-22-2019

Hello Everyone,

I have got the list of 80+ applications this I want to include in my SPL. Is there a way I can use CSV lookup to do that? The applications list look like:-

APP-ID,DESCRIPTION
A1*,test app 1
B2*,test app 2
C3*,test app 3
D4*,test app 4
...

Sample SPL I would like to create to include these applications:-

index=app-data  APP-ID=A1* OR APP-ID=B2* OR APP-ID=C3* OR APP-ID=D4*.... |

I am not using the DESCRIPTION as mentioned in the sample CSV above at this stage. I am just trying to figure out if there is a way to look up these applications from a CSV file rather then having to type these in the SPL or if there is any other alternative please suggest.

Thank you,
Rajat

KailA · ‎08-22-2019

Hello,

If you already have the csv as a lookup, it's perfect.
You can do something like that in your SPL :

index=app-data [|inputlookup yourLookup | fields APP-ID]

It should work for you.

Kail

View solution in original post

KailA · ‎08-22-2019

Hello,

If you already have the csv as a lookup, it's perfect.
You can do something like that in your SPL :

index=app-data [|inputlookup yourLookup | fields APP-ID]

It should work for you.

Kail

To include 80+ applications in SPL

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

To include 80+ applications in SPL

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits