Hi,
looking for splunk query having field name similar to field in lookup file with respective value in lookup file.
query have field "index" value is same as lookup file field "CAPNSplunk" valu...
See more...
Hi,
looking for splunk query having field name similar to field in lookup file with respective value in lookup file.
query have field "index" value is same as lookup file field "CAPNSplunk" value.
if "index" field value matches with lookup file "CAPNSplunk" then "index" field value should get replaced with associated "RANSplunk" field value available in lookup file.
lookup file:
CAPNSplunk,RANSplunk "Pricing","Pricing Outlier"
"Smart_Factory","Smart Factory BUCT" "SMARTFACTORY_LOGISTICS","Smart Factory Logistics" "SmartFactory_PM_Console","Smart Factory PM Console" "GCW_Dashboard","Global Contingent Worker Dashboard" "HRM_Spans_Layers","HRM - Spans & Layers" "Unity_Portal-Part_Aggregation","Unity Portal" "Blackbird_Dashboard","Blackbird" "WWops","WWOps" "AGS_metrology_AutoML","Metrology Auto ML Classification" "Action_Plan_Tracker","IDCL"
index:
Pricing
Smart_Factory
SMARTFACTORY_LOGISTICS
SmartFactory_PM_Console
GCW_Dashboard
HRM_Spans_Layers
Unity_Portal-Part_Aggregation
Blackbird_Dashboard
WWops
AGS_metrology_AutoML
Action_Plan_Tracker
For example:
if "index" field value is "Pricing" then it should get replaced with "Pricing Outlier" after looking into lookup file.