Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to generate a search to compare the value of a field with a CSV table?

soesia12
New Member
‎03-13-2017 10:28 AM

Hello!

I'm currently trying to compare the value of a field with a csv table.

I want to compare the destination port (dst_port) with the values of pwhitelist.csv and display the ports that are not included in the csv data.

For example: the csv file consists of the ports 80, 8080, 443 and 8000 want to display all dst_ports that are not 80, 8080, 443 or 8000.

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎03-13-2017 10:47 AM 
yourBaseSearch NOT [|inputlookup pwhitelist.csv | fields Ports | rename Ports AS dst_port | format]

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎03-13-2017 10:47 AM 
yourBaseSearch NOT [|inputlookup pwhitelist.csv | fields Ports | rename Ports AS dst_port | format]
Reply
Solved! Jump to solution

soesia12
New Member
‎03-13-2017 11:58 PM

Hey!

Doesn't work. It just lists all ports.

In the file there are just a few ports. At the moments it's just for testing.
pwhitelist.csv:

In the file is only one column with the header "Ports".
The values 80,443,8000,8080 are in that column.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎03-14-2017 04:03 AM

I edited my answer, please try the new version. If dst_port isn't the field name in your index, then change it to the field name you have for the ports in your indexed data.

0 Karma
Reply
Solved! Jump to solution

soesia12
New Member
‎03-14-2017 05:44 AM

thanks so much ! it worked

0 Karma
Reply
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...