Can i do the wildcard matching in lookup?
|makeresults|eval ip=192.168.101.10
|lookup ip.csv ip output host
In my lookup i have two entry ip=192.168.101.10 & ip=192.168.101.10/24.
How can i add wildcard (*) for match and i should get two entry.
.
what if i want to match host_name= abc & host_name=abc_123 which is in lookup file.
The wildcard need to be defined in the lookup e.g. abc* will match abc and abc_123
could you please help with SPL syntax to match wild card entry.
If you have wildcards in your lookup, just use the lookup command
Hi @RSS_STT ,
in the same option of the same section try with WILDCARD instead CIDR.
Ciao.
Giuseppe
in [Settings > Lookups > Lookup Definitions ] open "Advanced Options" and configure CIDR as match_type, as described at https://docs.splunk.com/Documentation/Splunk/9.4.0/Knowledge/Addfieldmatchingrulestoyourlookupconfig...
