Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
5,000 results
Sorted by:
4 weeks ago
Apologies, I am quite new to Splunk so not sure if this is possible, I have the following simple query: | inputlookup appJobLogs
| where match(MessageText, "(?i)general e...
03-15-2013
08:16 AM
Hello,
I know to view a csv, I can run | inputlookup asdf.csv. How would I be able to view multiple csvs in one search query?
Show results in replies (8)
-
A better solution would be: |inputlookup file1.csv | inputlookup file2.csv append=t|...
-
inputlookup, append, inputlookup, append, ...?
-
|inputlookup c2_zeus.csv append=t| inputlookup DNS_Domains_malware.csv
-
...his: |inputlookup c2_zeus.csv | inputlookup DNS_DOMAINS_malware.csv append=t
-
I do. It is because inputlookup is stated after the append. I can run the | inputlookup file1.csv...
-
You have them backwards. Swap the two. For each inputlookup after the first, you need "append=t"
-
I receive this error: Error in 'inputlookup' command: This command must be the first command o...
-
...bove is exactly like how your query was stated originally. It just doesn't let you put a subsequent inputlookup...
02-08-2023
02:34 AM
Hello Splunkers,
Please if someone can help me with a Splunk query,
I have a list of IPs I imported in lookup table, I want to grab the FW traffic where dest_ip in the FW logs matches my lookup l...
Show results in replies (4)
-
...lackip" and the field in the main search is "dest_ip", you have to rename it: index=fw [ | inputlookup...
-
...oining them with the main search results. inputlookup is used in the main search or in subsearches....
-
...ndex=fw [ | inputlookup blackip.csv | fields dest_ip ] | stats values(src_ip) values(dest_ip) by port &n...
-
Thanks a billion @gcusello it was great explanations from you I got the results I ...
08-11-2023
08:20 PM
I have 2 lookup files as lookup1.csv and lookup2.csv lookup1.csv has the data as below name, designation, server, ipaddress, dept
tim, ceo, hostname.com, 1.2.3.5, alldept
jim, vp, myhost.com, 1...
06-28-2023
08:28 AM
...o improve this? | inputlookup lookup.csv | join type=outer [search index=os sourcetype=ps "abc.pid" OR "abc.bin" | stats count as heartbeat by host ] | fillnull heartbeat value=0 | where h...
01-30-2023
11:29 PM
...2 NOT ([ inputlookup FP_malware.csv]) | eval time=strftime(_time,"%Y-%m-%d %H:%M:%S")|stats count by time hip hdn etdn p2 | dedup p2
it seems not working . So how can i fix this ????? Many t...
Show results in replies (4)
-
...se NOT [ | inputlookup ... ] The response coming back from the subsearch will be p2=x OR p2=y O...
-
...ath is the field in the search, index="kaspersky" AND etdn="Object not disinfected" p2 NOT [ | inputlookup...
-
my mistake . thanks alot it work now
-
Hi @abazgwa21cz , good for you, see next time! Ciao and happy splunking Giuseppe P.S....
07-02-2021
09:40 AM
...ecause the agent has not been installed yet or because I report logs and at a certain point I stop doing it I installed the "lookup Editor" and already uploaded the inventory there. Using the query | inputlookup...
Labels
- Labels:
-
field extraction
-
lookup
-
table
06-30-2020
05:42 AM
...lah:csv" [ | inputlookup SerialNumber ] fields thanks for your help
Labels
- Labels:
-
using Splunk Cloud
05-25-2020
01:50 AM
I setup testing.csv lookup as following host,location 123,HK 234,US 345,UK
I would like to basic search if host matched in the log, stats count by location index=log sourcetype=csv |search [|inputlookup...
- Tags:
- splunk-enterprise
