Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
10,000 results
Sorted by:
07-14-2021
08:07 PM
Hi, Under lookups we have lookups as below lookups abcd.csv xyz.csv I could see configs in props.conf to map to these lookups props.conf LOOKUP -field1-field2 = abcd _lookup field O...
Labels
- Labels:
-
configuration
-
troubleshooting
07-18-2021
08:48 PM
Hi, In lookup definition, IT_server_list is created in lookup definition which is mapped to CSV named (server_list.csv) In Lookup Table, server_list.csv file is there In automatic lookup, I...
Labels
04-07-2022
12:33 AM
I am looking for some tool/way to get the Splunk index/lookup usage in the system
for example to get all lookups that are not used in the system
what is the best way to do it ?
Labels
- Labels:
-
other
04-12-2022
05:45 AM
Hello everyone!
I have in search results table like A=1, B=1, C=3
I have lookup like
Type
A
B
C
server1
1
1
4
server2
1
1
5
server3
1
1
6...
- Tags:
- lookup
Labels
- Labels:
-
other
-
using Splunk Enterprise
Show results in replies (4)
-
Each column will have to be tested separately using separate lookups. | lookup mylookup.csv A O...
-
thank you, it works! is it possible to make comparison in one subsearch? i mean one comparison for...
-
I did, not actual
-
If you want a separate result for each column then you'll need multiple lookups. The lookup c...
01-18-2022
01:14 PM
...et of values from a field in a lookup table to act as a filter of events not to include it doesn't work no matter what I try. I've tried in the subsearch piping to: | rename field AS search | f...
03-04-2021
08:46 AM
Hi All, Is it possible to perform Eval then perform lookup ? If the eval return null then perform lookupA.csv. If eval return notnull, then perform lookupB.csv thanks!
Labels
- Labels:
-
search
03-28-2022
10:20 PM
...ountry_name and email from raw events versus to what is there in the csv file. Basically If the country_name in the raw events in DIFFERENT as in if it does not match the "Country" field in the lookup...
Labels
- Labels:
-
lookup
Show results in replies (8)
-
OK. Let me rephrase it. If you have an event with the fields email and country_name and a lookup w...
-
OK, so you don't want to use the lookup table as a lookup (evaluate field(s) based on values of o...
-
Try this: index=xxx | lookup file.csv Email_id as email | where Country!=country_name
-
...ountry_name having the value "United States" (without quotes) and from the lookup w...
-
It's not how you use lookup. The condition of a field Country in the lookup being equal to the f...
-
If you are not getting matches that you were expecting, it is possible the lookup failed, perhaps t...
-
...aw events) is different from the field: Country as defined in lookup table for that user . &n...
-
I have verified there aren't any blank spaces or trailing characters in the lookup file data. Is i...
07-30-2021
12:10 AM
...ourcetype,index,_time span=1d I would like to modify it to run the search on only hosts which are in the lookup list servers.csv. Can you please help me with modification?
Labels
- Labels:
-
administration
02-13-2022
02:54 PM
...vexpand email | stats count by email | eval useremail= email."@my_domain.com" | table useremail count | lookup userdomain_email email as useremail OUTPUT user as user But this g...
11-22-2020
05:39 AM
1 Karma
I'm new to Splunk and just wanted to understand how we can create automatic Lookup. If I can get an example that would be great.
