Absolutely. Just put the table into a CSV file, e.g., like Code Description Discussion 100 requested action was initiated; expect another reply before proceeding with a new command. 110 Restart marker reply. The text is exact and not left to the particular implementation; it must read "MARK yyyy = mmmm" where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "="). 120 Service ready nn minutes. (Informational) 125 Data Connection already open; transfer starting. (Informational) 150 File status okay; about to open data connection. FTP uses two ports: 21 for sending commands, and 20 for sending data. A status code of 150 indicates that the server is about to open a new connection on port 20 to send some data. Set up the CSV as lookup. (See Define a CSV lookup in Splunk Web.) Then, suppose your data search returns a field named ftp_return_code. In your search, add a lookup command | lookup mylookup Code as ftp_return_code OUTPUT Description as ftp_return_description, Discussion as ftp_return_discussion
... View more