Search

geomore · ‎12-09-2021

Hi, I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Match Type" for the fieldin the lookup definition as per Define a CSV lookup in Splunk...

msudhindra · ‎10-19-2015

...enerates the output file. My question is, how do I get the lookup table to update automatically whenever a new file is placed in the specified location? If I define a lookup using the Web GUI, would t...

olavo123 · ‎08-13-2015

Hi I have separate machines for a Search Head and Indexer. In Splunk Web on the Search Head, I went through the different steps as shown in the Splunk tutorial to define automatic lookup based o...

samlinsongguo · ‎05-18-2017

I have a lookup table as below User IsMember user1 Yes user2 Yes user3 No I save the table as memberlist.csv save as type is CSV(comma delimited)(*.csv) I import the table and define...

ssharm223

Hi, so my team is currently has some data on Splunk cloud. My task is to use your REST API to get this data using python. On Splunk web I get this data by using the following query: &n...

tkerr1357 · ‎02-10-2022

...earch index=* src_ip=* followed by the lookup. I added the lookup file and lookup definition but when I run a search it fails saying the lookup table doesnt exist.

Muwafi · ‎03-17-2021

Hello Splunkers! We have a situation here and need your help and experience. We are looking for best practice to work with Large CSV files (1Million Rows at least) to produce fast searches a...

alancalvitti · ‎03-03-2021

We need to run the same query over a list of values (10k to 100k) without knowing the exact key across various indexes where they might show up. What's the best way to do this in a scalable w...

proletariat99 · ‎04-06-2015

...ooling, etc). For .csv files that I want to index (so that all search heads can get to the data), where should I upload the files? I typically use the WebUI to upload these types of files, so s...

ngct2020 · ‎05-23-2020

I'm seeing the error below under messages in my Splunk enterprise console: Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...

Search

Search the Community

Wildcards with "| lookup"

How to automatically update a CSV lookup based on ...

After defining an automatic lookup in Splunk Web o...

Lookup table does not append value to event

How do I get data from Splunk REST API using pytho...

How to incorporate a Lookup in search?

Help with CSV - Special Case

how to map over or assign variable to a list of va...

Where should I "Upload" a CSV file in a distribute...

Error Message on indexer console