Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to check for search string/data present in csv lookuptable and result present or not

akshayinnamuri
Loves-to-Learn Lots
‎02-10-2022 03:30 AM

I am looking for something like this as below

I have a seach string = rubi
and want to check this string presence in a lookuptable = metals.csv

Name         date                region
rubi            12122021     abc
diamond  12122022     def
platinum   12122023    ghi


what would be my splunk query to shows the presence of my search string with lookuptable.

I want the result to be something like below

Since in above example rubi is present in metals.csv my result table should look like with an extra column Present and status as Yes

Name  Present
rubi       Yes


If not present say example searchstring=copper and is not present in metals.csv then output table should be
Name      Present
copper      No


Note: I am giving the seachstring in text box of dashboard and want a result table as above

Labels (4)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-10-2022 04:48 AM 
| eval Name="rubi"
| lookup metals.csv
| eval Present=if(isnull(region),"No","Yes")
0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...