Hello, I´m new to splunk and need a short hint, concerning the following question: I have some Firewall logs in Splunk and would like to search in the Destination (DST) field for specific Servers. I uploaded a Server-2.csv and a " | inputlookup Server-2.csv " shows the content of the file correctly. A manual search like " index=firewall DST=8.8.8.8 " works fine. From my point of view a " index=firewall [ | inputlookup Server-2.csv | table DST ] " should do a search for every entry in the CSV file, but I get no error and no result. There should be a result because 8.8.8.8 is in the CSV as first entry. Is the table entry the wrong syntax? Sorry if this question is too simple, but I really would appreciate some hints. Thx André
... View more