cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
cyrus_thesplunk
Engager
Member since: ‎04-04-2023
‎04-06-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-04-2023
Activity Feed
View All

Re: How do I compare lookup field to search and pr...

by in Splunk Search
‎04-06-2023 06:17 AM
‎04-06-2023 06:17 AM
Thank you! This worked perfectly ... View more

Re: How do I compare lookup field to search and pr...

by in Splunk Search
‎04-05-2023 04:03 AM
‎04-05-2023 04:03 AM
Got it. I understand this part but where are you comparing the hostname in the search to hostname in the lookup file and then printing the username correlated to that hostname in the table. This is what the search visualization results should look like. Time Hostname Username Src IP 5:01 am host1 user1 192.xxx.xxx.xxx 5:07 am host2 user2 192.xxx.xxx.xxx 5:09 am host3 user3 192.xxx.xxx.xxx Username information is the only thing thats coming from the lookup file. Rest of it comes from the search.  ... View more

How do I compare lookup field to search and print ...

by in Splunk Search
‎04-04-2023 09:33 AM
‎04-04-2023 09:33 AM
Currently in my logs I am getting the hostname of the users but not their usernames. I created a lookup table that contains hostnames and usernames. I am trying to match the hostname from search to the hostname in the lookup file and then print their correlated username in a table format in the search visualization.  Lookup file: hostname username host1 user1 host2 user2 host3 user3 host4 user4   search: index=windows sourcetype:eventlogs  [|inputlookup users.csv | fields hostname username | rename hostname as users] ~~~print username correlated to "users" in the above string.~~~ ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-06-2023 01:10 PM