I've been looking at Splunk's external lookup features and they sound ideal for several of my logs. For example, I've got a log with a user ID where I'd like to be able to do counts based on their s...
Hi, I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Match Type" for the fieldin the lookup definition as per Define a CSV lookupinSplunk...
on Splunk Cloud (8.1.2101.1) I'm encountering a warning message in my search results - trying to figure out why this is popping up. Anybody have any idea what this message means and how to resolve i...
Hi
I have separate machines for a Search Head and Indexer. InSplunkWeb on the Search Head, I went through the different steps as shown in the Splunk tutorial to define automatic lookup based o...
...ink to the right of the "Automatic lookups" section also generates a 500 internal error. None of the non-Lookups pages on our Splunkweb site give errors like these.
I have searched answers.splunk...
I'm trying to use lookups to do a keyword search and I can't grasp my brain around the right way to do this.
I've got some web logs I'm looking at insplunk that contain data that identifies w...
Hi All 🙂
I may have had too much coffee, because I'm having some trouble getting my head around this one.
I have a some web logs in which I have used Splunk to extract out a list of unique s...
I put web request logs into Splunk.
I did a lookup csv file that included suspicious user-agents characters like below.
bad_user_agent
nmap
python
java
...
I need alert if user_agent f...
I have kvstore which generate the data by API.
when I use | lookup mylookup id output data - its working
I want to convert it to automatic lookupin some index, but its not working....
Hi
I read http://www.splunk.com/base/Documentation/4.2.2/Knowledge/Addfieldsfromexternaldatasources and see my default transform.conf has
# Example external lookup
[dnslookup]
e...