Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sort by:
09-06-2023
07:03 AM
...ilter this search with values of one field in a csv I import as lookup. Example: index="data" sourcetype="entities" | table EMAIL EXTERNAL_EMAIL CATEGORY And I have the inputlookup inputlookup 2...
Labels
- Labels:
-
subsearch
03-27-2024
11:47 AM
...ail_msg2* I have created a lookup file sample.csv with the following content Product,Feature,FailureMsg
ABC,DEF,fail_msg1
ABC,DEF,fail_msg2 I want to search if F...
Labels
- Labels:
-
lookup
12-06-2022
12:40 AM
...ead and seen tstats only works with indexed fields but not fields that are being extracted at search time? so I guess my question is how could I use tstats and still incorporate the above fields and lookups...
Show results in replies (5)
-
...enerate a table in order for it to work. also, I can't sort with that field, so I can't use it after "by" s...
-
...atamodel, I get all the fields necessary for my search to begin with. and here the fields of t...
-
Ok, I've at least figured out the first problem. I can reference message_type with addressing the d...
-
...ns.message_type the next problem I have is that I want to check in several lookups for matches of ips.&n...
-
...nalyze all subsequent lookups and filters. If they require any field that is not returned in tstats, t...
06-28-2023
10:14 AM
Hi, The lookup field values must match the field values returned by the query, and the results must be shown as yes/no depending on whether the match happens. but we are unable to match and are u...
Labels
- Labels:
-
calculated field
-
field extraction
-
lookup
05-14-2019
08:41 AM
I'm trying to format a search in which I have a lookup with one column, this column includes malicious email addresses, "indicator" is the field. Now I would like my search to return any events t...
07-30-2024
08:02 AM
I have a KV Store with replicate turned on, a lookup definition with WILDCARD(match_field), and an automatic configured to output a numeric lookup_field. When I run a search on the relevant source t...
Labels
- Labels:
-
lookup
08-31-2020
12:39 PM
...bsp; I can't seem to figure out how to go about this. I have no problem breaking apart the multivalue and rejoining it, I just can't figure out how to do a lookup that falls within a two fields... R...
02-28-2025
02:09 AM
Hello All, I have a multivalue field which contains domain names (for this case, say it is in field named emailDomains and it contains 5 values). I have a lookup named whitelistdomains w...
Labels
- Labels:
-
stats
09-01-2023
03:41 AM
...he lookup data. I wanted to run the whole thing in the "background" so that the users do not have to run it as a search string. I also tried to use calculated fields to build one from two field...
Labels
- Labels:
-
lookup
02-22-2024
06:30 AM
Hello Splunk members! I have a CSV Lookup file with 2 columns ClientName HWDetSystem BD-K-027EY VMware I have an index with ASA Firewall log which I want to search...
Labels
- Labels:
-
lookup
