9/27/2023

Splunk lookup output and input

If anything new shows up in lookup1 which is not found in lookup2, I would like to know what value is being outputted. lookup 2 has the data below: columnname: number one two three five. ex: lookup 1 has the data below: columnname: number one two three four. Also, please check the attached pic of Splunk running in my UI. Hi, need help to get difference records between 2 lookups with same column name.

Lookup output fields: This will be the field in the lookup table that I am using to convert to. I have created a lookup file, let's say 'foo.csv', which has content: knownissuesstrings NOT 'known string' NOT 'k. Lookup input fields: This is simple in my example. If you can't get the format output right, you may have to use the old method without IN. index 'mail sent by'where custID IN ( search index 'successful login for'fields custID format) table CustID,time. I would like to filter out known issues so the report is less cluttered with known issues. You'll have to experiment with format options to get the output to be compatible with IN. Please check and let me know what else I can do to make it work. Hi, I have multiple queries that I use to do daily report on errors in our production Splunk. So, I do search like inputlookup list250k rename ipcidr as ip eval convertiptostring(ip) lookup list65k ipcidr AS convertip OUTPUT ipcidr, list where isNotNull(ipcidr) rename ipcidr as foundin.

It's taking the command as a whole instead of running the first query and then passing it as an input to the second query. Below is the screenshot of running two commands as one in Splunk search.