×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
franz__
Engager
Member since: ‎01-31-2017
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-31-2017
Activity Feed
View All

Re: Compare Usernames from Search with Lookup (csv...

by in Getting Data In
‎07-24-2017 11:34 PM
‎07-24-2017 11:34 PM
I had to add the Columname but then it worked, thanks! ... | dedup username | lookup test.csv username OUTPUT username AS foundInLookup | where isnull(foundInLookup) | table username ... View more

Re: Compare Usernames from Search with Lookup (csv...

by in Getting Data In
‎07-24-2017 07:01 AM
‎07-24-2017 07:01 AM
Yes I copied your Query. Both earliest=-24h host="*" sudo:session | rex "pam_unix(sudo:session): session opened for user root by (?[[:alnum:]_.]+)" | dedup user | table user earliest=-24h host="*" sudo:session | rex "pam_unix(sudo:session): session opened for user root by (?[[:alnum:]_.]+)" | eval username=upper(username) | stats count by username | append [| inputlookup test.csv | eval count=0, username=upper(username) | fields username count] | stats sum(count) AS Total by username Both shows the same Users, your shows the ammont of Logins (nice the stats count command), but the inputlookup / append commands seems to do nothing. Thanks ... View more

Re: Compare Usernames from Search with Lookup (csv...

by in Getting Data In
‎07-24-2017 05:41 AM
‎07-24-2017 05:41 AM
hey, thats for the quick comment. The test.csv contains a List of "OK" Users, I want to filter all Users that are not in that List. ... View more

Compare Usernames from Search with Lookup (csv)

by in Getting Data In
‎07-24-2017 02:47 AM
‎07-24-2017 02:47 AM
So I read a few answer from here, but I could't ge this to work. My Seach: search.... | dedup user | table user and I want to to compare this with usernames from a csv. I've uploaded a lookup "test.csv" file one colum named username. I want an Output that shows all Usernames that are not in the csv .... | dedup username | search NOT username [inputlookup test.csv] | table username Shows only the Usernames that are in the List. Can someone help to show all User that are not in the Lookup? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All