Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
13,129 results
Sort by:
a month ago
Have a data that returns ip field and values as below. Ip = 0.0.0.11 Ip= 0.0.0.12 There is a lookup that contains field ipaddress with below values 0.0.0.11 0.0.0.13 If we see above 0.0.0.12 m...
Labels
- Labels:
-
eval
10-08-2024
09:39 PM
...ried entering all 130 but it didn't work I noticed there was a limit after some point, and then I'd stop receiving results. So I did some research and I noticed people mentioned lookup files. So I c...
04-14-2025
05:29 AM
After moving a KVstore to a new Application, Splunk can not longer render the lookup. When moving a KVstore using the "move" link in "Lookup definitions" it only moves the transforms.conf stanza a...
Labels
06-12-2024
05:46 AM
...onstantly receive the following error: [indexer.mydomain.es, mysearchhead.mydomain.es] Could not load lookup=LOOKUP-eventcode I read the information in the https://docs.splunk.com/Documentation/A...
- Tags:
- sysmon
Labels
- Labels:
-
universal forwarder
02-15-2024
03:36 AM
Hey Experts, I'm new to splunk and I'm trying to create a new lookup from data in a index=abc. Can someone please guide me on how to achieve this? Any help or example queries would be greatly a...
Labels
- Labels:
-
lookup
03-27-2024
11:47 AM
...ail_msg2* I have created a lookup file sample.csv with the following content Product,Feature,FailureMsg
ABC,DEF,fail_msg1
ABC,DEF,fail_msg2 I want to search if F...
Labels
- Labels:
-
lookup
Show results in replies (7)
-
Hi @MVK1 , you can create your lookup using the Splunk Lookup Editor App (https://s...
-
Thank you I have added double quotes in my lookup for FailureMsg field. Could you please help on h...
-
...alues in your lookup? If the above are true, you have a simple formula index="demo1" source="d...
-
Another update: my csv lookup in this example has only 2 rows, but it could have many more. A...
-
...emo2" ("fail_msg1" OR "fail_msg2") any idea how to search this using inputlookup or lookup?
-
...est_field_name_1" | table _raw id_num | reverse | filldown id_num I moved lookup at the end a...
-
...o ONLY include fail_msg1 and fail_msg2. Use this lookup to run the search in a fixed i...
04-23-2024
11:58 PM
I want to show lookup file content horizontally. eg:- rather than this panels a b c I want panels a b c OR a b c
Show results in replies (4)
-
I cannot understand why you say you are not getting a "table". Using the lookup sample you g...
-
...ell me anything useful - can you describe your lookup data, what it contains and give a better d...
-
yeah sure i have a lookup called panels.csv , Panels Critical severity v...
-
Try this | inputlookup your_lookup.csv | stats values(panels) as panels | eval panels=mvjoin(panel...
09-06-2023
07:03 AM
...ilter this search with values of one field in a csv I import as lookup. Example: index="data" sourcetype="entities" | table EMAIL EXTERNAL_EMAIL CATEGORY And I have the inputlookup inputlookup 2...
Labels
- Labels:
-
subsearch
03-20-2025
02:38 AM
...re off by 4. There are no additional IDs at the end of the lookup. This lookup is correctly formatted upon a clean install as demonstrated below (First and Last 5 rows of the `m...
Labels
- Labels:
-
configuration
-
other
-
troubleshooting
