cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rameshpillai
New Member
Member since: ‎01-16-2019
‎05-21-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-16-2019
View All

Compare main search field contain value of another...

by in Splunk Search
‎05-18-2021 07:05 AM
‎05-18-2021 07:05 AM
I would like to compare(not exact match) urls in my proxy log with url stored in lookup table Eg for URL in proxy log P1:  99.99.99.99/safebrowse/jh/oiruitupwerouitufkgjlhsfghjdfsglhjpoier/AFHJDFHADS?S=32 ---------------------------------------------------------------------------- Eg for URL's in loookup file L1:  99.99.99.99/safebrowse/jh/oiruitupwerouitufkgjlhsfghjdfsglhjpoier L2:  88.99.77.66/query.js L3:  www.notaurl.com/8484/ucd/94843984.php  Tried to use inputlookup in subsearch and join , however it fails to match , as in either case (subsearch or join) splunk does an exact match sample subsearch query |tstats count from datamodel=Web where Web.user!="-" by Web.user Web.url _time | search [|inputlookup url_lookup | search type="URL" | fields ref_url | rename ref_url as Web.Url] |table Web.user Web.url _time count i want help where in P1 should match L1 ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-21-2021 07:57 AM