...ogic is: check if, in the events, the dst_ip field values match the lookup field named tor_node address ones and, with the use of the isnull command, those IPs are not marked with exclusion. How I want t...
Hi,
I'm a bit confused with the lookup command, i.e. the syntax.
lookup <lookup-table-name> <lookup-field1> AS <local-field1>, <lookup-field2> AS <local-field2> O...
Hi, need your assistance below. We have created a new CSV lookup and we are using the below query, but we are getting all the data from the index & sourcetype. We need to get the e...
Hello everyone. With some embarrassment I confess that I do not know how to use the lookup command, and although I have read the documentation I have not been able to. I have an index called a...
...ountry_name and email from raw events versus what is there in the csv file. Basically, if the country_name in the raw events is DIFFERENT, as in if it does not match the "Country" field in the lookup...
Hi All, I'm facing an issue while appending results for 2 searches using the append command. I have 2 searches which I'm using to get results, and both queries also have the lookup command to get i...
...also I see that there is Geolocation Lookup for Splunk APP (https://splunkbase.splunk.com/app/4102/#/overview) to allow iplocation what is the recommended way to w...
...fter adding the lookup table, the inputlookup command is working fine and is giving the output table. But when I am using the lookup command in the below query, I am not getting the fields in the output on t...
Hi,
Is it possible to use more than one input field within a lookup command?
The lookup table looks like this:
User | Country | FieldA
I tried it like this, but it didn't work:
| lookup...