×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jgoodrich
Splunk Employee
Member since: ‎05-30-2019
‎04-15-2024
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-30-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Using lookup

by Splunk Employee in Getting Data In
‎05-30-2019 05:35 AM
‎05-30-2019 05:35 AM
I would recommend changing your csv to have two columns. For example "lookup_ip" and "lookup_reason". The second column could just contain a single value in each row that describes what the list is for (i.e. "my ip blacklist"). Then add the lookup to Splunk. For your search do: index=firewall | lookup ip_list.csv lookup_ip as src_ip In the results, if any event has a src_ip that matches the lookup list you'll see the "lookup_reason" field show up. So you'll have lookup_reason="my ip blacklist". This is a super easy way to pull lookup data in, then you can work it downstream in the search pipeline. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-15-2024 09:10 AM