All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

inputlookup

sd248011
New Member
‎03-15-2013 08:16 AM

Hello,

I know to view a csv, I can run | inputlookup asdf.csv. How would I be able to view multiple csvs in one search query?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-15-2013 08:37 AM

A better solution would be:

|inputlookup file1.csv | inputlookup file2.csv append=t|...

View solution in original post

Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-15-2013 08:37 AM

A better solution would be:

|inputlookup file1.csv | inputlookup file2.csv append=t|...

Reply
Solved! Jump to solution

sd248011
New Member
‎03-15-2013 09:50 AM

Ah, got it. Thanks much!

0 Karma
Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-15-2013 09:47 AM

My initial answer had an append=t because I normally append lookups to search results. Try this: |inputlookup c2_zeus.csv | inputlookup DNS_DOMAINS_malware.csv append=t

0 Karma
Reply
Solved! Jump to solution

sd248011
New Member
‎03-15-2013 09:34 AM

The c2_zeus.csv is the first. Then I have append=t after that and the second csv. My example above is exactly like how your query was stated originally. It just doesn't let you put a subsequent inputlookup command after the initial one.

0 Karma
Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-15-2013 09:27 AM

You have them backwards. Swap the two. For each inputlookup after the first, you need "append=t"

0 Karma
Reply
Solved! Jump to solution

sd248011
New Member
‎03-15-2013 09:18 AM

|inputlookup c2_zeus.csv append=t| inputlookup DNS_Domains_malware.csv

0 Karma
Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-15-2013 09:04 AM

can you post your search that is failing?

0 Karma
Reply
Solved! Jump to solution

sd248011
New Member
‎03-15-2013 09:02 AM

I do. It is because inputlookup is stated after the append. I can run the | inputlookup file1.csv just fine. It is the subsequent csvs I can't seem to also pull up.

0 Karma
Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-15-2013 08:56 AM

make sure you have a | at the front of your search, and that it is the first command in the search.

0 Karma
Reply
Solved! Jump to solution

sd248011
New Member
‎03-15-2013 08:55 AM

I receive this error:

Error in 'inputlookup' command: This command must be the first command of a search.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-15-2013 08:29 AM

inputlookup, append, inputlookup, append, ...?

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...