I want to check in some strings are exist in a column and if they are I want to add another column with the type of the string I found inside.
For example:
The column - "Company" and inside we can found- google inc, amazon llc, Microsoft incorporation, university of china and more.
The strings I wand to check- google, amazon, Microsoft. Important thing is that I have ~100 strings that I need to check if exist.
I want to add a column "company_Type" and if one of the strings exist in the column "Company" , it will write "Technology" and if not "other".
The result I want to get:
| Company | Company_Type |
| google inc | Technology |
| amazon llc | Technology |
| Microsoft incorporation | Technology |
| university of china | other |
Hi
probably the easiest way to do it, is create a lookup file and then get Company_Type from it based on Company field.
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions
https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/Lookup
r. Ismo