Splunk Search

how to check if several strings in chart

gkochner1
Observer

I want to check if some strings exist in a column, and if they do, I want to add another column with the type of the string I found inside.

For example:

The column is "Company", and inside we can find: google inc, amazon llc, Microsoft incorporation, university of china and more.

The strings I want to check: google, amazon, Microsoft. The important thing is that I have ~100 strings that I need to check for.

I want to add a column "company_Type", and if one of the strings exists in the column "Company", it will write "Technology", and if not, "other".

The result I want to get:

| Company | Company_Type |
| --- | --- |
| google inc | Technology |
| amazon llc | Technology |
| Microsoft incorporation | Technology |
| university of china | other |

0 Karma

isoutamo
SplunkTrust

Hi

Probably the easiest way to do it is to create a lookup file and then get Company_Type from it based on the Company field.

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions

https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/Lookup

r. Ismo

0 Karma
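
One way to set up the lookup suggested above so that it matches substrings, as an added example that is not part of the original reply: a wildcard lookup definition in transforms.conf, with the lookup file and the search shown as comments. The names `company_types` and `company_types.csv` and the sample rows are assumptions; the file needs one row per string to check.

```ini
# transforms.conf: lookup definition (the stanza and file names are assumptions)
[company_types]
filename = company_types.csv
# Treat values in the lookup's Company column as wildcard patterns
match_type = WILDCARD(Company)
# Match "Microsoft incorporation" against *microsoft* regardless of case
case_sensitive_match = false
# Stop at the first matching row, so each event gets a single Company_Type
max_matches = 1

# company_types.csv (constructed sample; add one row per string, ~100 in total):
#   Company,Company_Type
#   *google*,Technology
#   *amazon*,Technology
#   *microsoft*,Technology

# Search: rows with no matching pattern get no Company_Type, so fill in "other":
#   <your base search>
#   | lookup company_types Company OUTPUT Company_Type
#   | fillnull value="other" Company_Type
#   | table Company Company_Type
```

The same match type and case sensitivity settings are available in Splunk Web under the lookup definition's advanced options.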