I'm trying to implement CSV-based lookups in Splunk; the sample CSV looks like the one below.
We get the hostnames from logs, but not Zone or Department, so all I need is to enter Zone E in the search bar and get all the logs or transactions with the sidebar where I can choose PCs from Zone E. Below is the setup.
This file is located in /opt/splunk/etc/apps/search/lookups/
zones.csv
Host, Zone, Department
MEL2ITD001, Zone E, ITM
MEL2ACD001, Zone F, FIN
This file is located in /opt/splunk/etc/apps/search/local
transforms.conf
[zones]
filename = zones.csv
But I can't get this to work; any suggestions would be really appreciated.