Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

case-sensitive on subsearch

simo
Path Finder
‎02-21-2024 03:54 AM

hi

I have this situation

index="idx" [| inputlookup name.csv | table id name ]

idx=

idname
1a2aaa
1A2aaa
12abbb

 

lookup

idname
1a2

aaa

 

the result is that it extracts the first 2 lines. How do I extract just the first line?

Thank you

Simone

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-21-2024 03:56 AM

Try something like this

index="idx" 
| where [| inputlookup name.csv | table id name ]

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-21-2024 03:56 AM

Try something like this

index="idx" 
| where [| inputlookup name.csv | table id name ]
Reply
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...