×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
anording
Engager
Member since: ‎09-30-2020
‎10-02-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-30-2020
Activity Feed
View All

Re: Importing Values for a Search from a CSV File

by in Getting Data In
‎10-01-2020 05:39 AM
‎10-01-2020 05:39 AM
Dear thambisetty, thx for the ultrafast reply. 😄   When i try your example, i will get the following error: Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table. The field DST is available in firewall raw events. In the CSV File are only plain IP adresses nothing else. Do i have to define a new field called "newfieldfromcsv", and if yes how? I know newbie questions.  😆 THX again for your help! André ... View more

Importing Values for a Search from a CSV File

by in Getting Data In
‎10-01-2020 12:07 AM
‎10-01-2020 12:07 AM
Hello, I´m new to splunk and need a short hint, concerning the following question: I have some Firewall logs in Splunk and would like to search in the Destination (DST) field for specific Servers. I uploaded a Server-2.csv and a " | inputlookup Server-2.csv  " shows the content of the file correctly. A manual search like " index=firewall DST=8.8.8.8 " works fine. From my point of view a " index=firewall [ | inputlookup Server-2.csv | table DST ] " should do a search for every entry in the CSV file, but I get no error and no result. There should be a result because 8.8.8.8 is in the CSV as first entry. Is the table entry the wrong syntax? Sorry if this question is too simple, but I really would appreciate some hints. Thx André     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-02-2020 12:28 AM
Karma given to
View All