Inputlookup – To read a lookup file or to see the contents of a lookup file.
You can also know about : Customization Of Navigation Menu II Important Commands and functions to interact with lookups in Splunk: In this way you can upload any lookup file in Splunk. Destination app : Upload a lookup file : Destination filename : Then it will open the dialog box to upload the lookup file. Then click on Lookup table filesand New Lookup Table file.
Then go to the Settings and click on Lookups Log in to your Splunk instance with your credentials. Suppose we have a csv file which consist two field, “ status_code” and “ status_information” it’s basically giving us all HTTP response status codes like 402 is for “ Payment Required”, 403 is for “ Forbidden” and 404 is for “ Page Not Found” etc. Let’s take an example, Suppose you have “ emp_name” and “ age” in your index but you don’t have “ country” name of all employees, but you have a csv file where all the “ country” and “ emp_name” are stored, so in that case you can use that csv file as lookup file to add “country” in your Splunk result where we will use “ emp_name” field as a mapping field because that is the common field we have in both the places.Īt first we will start with creating a lookup file in Splunk. Basically it enriches our data by adding some externals data. Splunk Lookup helps us in adding a complete new field, from an external source based on the value that matches your field in the event data. LOOKUPS – LOOKUP TABLE FILES ( PART – 1 )Ī lookup table or file is one of the most important portions in Splunk, which is mainly use for mapping of fields and field-values.
0 kommentar(er)
