Hi All,
I have looked around on the community but I am unable to find anything that matches what I'm looking for, so apologies if this has already been asked somewhere.
I am trying to figure out how to do an automatic lookup in Splunk where the field already exists, and I just want to append an additional field into an existing field for things that match.
For example, I have a CSV called Exclusions.csv:
ID Computer STATUS
1 X EXCLUDED
2 Y EXCLUDED
3 Z EXCLUDED
4 B EXCLUDED
In my index there are already fields called ID, Computer and STATUS.
I want to create an automatic lookup which matches ID and Computer and, if they do match, outputs EXCLUDED into the STATUS field.
I have done this. However, the problem that I am having is that, if nothing matches in the lookup, the STATUS field for the existing data disappears.
Has anyone experienced this problem before?
Any help would be great.