...ingle IPs to the same lookup file/definition (CIDR lookup) as well?
I want single IP matching in the same lookup table where I have added the IP subnet.
How to proceed about this?
...f the hosts we would need to be using are quite big. I thought about using lookup in a subquery but don't know how to approach it so it makes sense.
Hi All, I have the below search. I am being told it appends results to a lookup table called user_ids.
index=ad earliest=-15d
|stats latest(_time) as _time, latest(p...
I have a lookup file called prefixes.csv, and it has about 5 headers:
prefix,location,description,owner
"1.0.0.0/8",usa,"corporate things", "joe schmoe"
I want to be able to reference this f...
Hello All, I have a quick question about comparison fields from a lookup table. Just imagine that I have a query like this. index=linux [|inputlookup suspicious_commands.csv where c...
Hey Experts, I'm new to Splunk and I'm trying to create a new lookup from data in an index=abc. Can someone please guide me on how to achieve this? Any help or example queries would be greatly a...
Hi All, I have a .csv file named Master_List.csv added to Splunk lookup. It has the values of the fields "Tech Stack", "Environment", "Region" and "host" and has about 350 values per field. A...
...ail_msg2* I have created a lookup file sample.csv with the following content
Product,Feature,FailureMsg
ABC,DEF,fail_msg1
ABC,DEF,fail_msg2
I want to search if F...
I would like to know how to add a single field value to outputlookup, as currently there are some fields like id, condition, value, but the need is only to ingest condition. Can anyone p...
I cannot find this question being asked this way round, so hopefully it's not a duplicate.
I have a lookup CSV like this:
ip,ip-info,timestamp
1.2.3.4,Text about the IP,2020-04-16T17:20:00
4.3...