
search lookup table for value

hartfoml
Motivator

so I can grep the look-up table to find an entry

I can see the contents of the look-up table by doing this
| inputlookup Domains.csv

I want to find a specific entry in the look-up table, but I can't seem to find the right syntax.

I tried this:
| inputlookup Domains.csv | search google.com

and this:
search "google.com" [| inputlookup Domains.csv ]

1 Solution

Gilberto_Castil
Splunk Employee

You will have to use the meta data (field) in your search condition. Using a free form search where the job is to find a text string in the raw data will not work. There is no _raw data.

For instance, assume that your CSV contains very important domains like so:

domain
google.com
splunk.com
theoatmeal.com

When you run the search, you get the following results

| inputlookup Domains.csv 


If you use the metafield obtained, then you can isolate the most important domain.

| inputlookup Domains.csv | search domain="theoatmeal.com"


Then you can enjoy the most important site on the Web.


gc
