cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
tgravvold
Engager
Member since: ‎05-20-2011
‎10-10-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎05-20-2011
View All

Re: How to lookup the best matching ingress url fo...

by in Splunk Search
‎10-10-2022 04:16 AM
‎10-10-2022 04:16 AM
Thanks @bowesmana ! I'll give your rex uri depth match a try. It will be a fairly simple solution if it fits the requirements.  ... View more

Re: Lookup the best matching ingress url for url f...

by in Splunk Search
‎10-02-2022 09:23 AM
‎10-02-2022 09:23 AM
I found this post that points out ways to compare strings the way I want: https://community.splunk.com/t5/Splunk-Search/Can-splunk-compare-two-strings-and-return-likeness-similarity/m-p/35485 But I don't know if this kind of comparison is possible with lookup tables. Would it be better to feed the CSV data into a index? ... View more

Re: Lookup the best matching ingress url for url f...

by in Splunk Search
‎10-02-2022 04:34 AM
‎10-02-2022 04:34 AM
Thanks for the answer. Unfortunately I can not assume matching only hostname or a fixed path depth. If it helps, I can manipulate the ingress in the CSV. The CSV is exported via script. For example I can sort the CSV by index if it helps. What I'm seeking is a function that matches each ingress from the CSV to the url in the log entry and picks the ingress that best matches (matches most characters from start of field. ... View more

How to lookup the best matching ingress url for ur...

by in Splunk Search
‎10-01-2022 02:55 PM
‎10-01-2022 02:55 PM
Dear Splunk community, I'm new to Splunk, so excuse my incompetence... What I'm trying to do is enriching my web access log with app name and team name from a csv lookup file. The CSV file "ingress_map.csv" looks like this:   ingress,app,team https://mycompany.com/abc,foo-bar,a-team https://app.mycompany.com,good-app,b-team https://app.mycompany.com/abc,better-app,c-team https://app.mycompany.com/abc/xyz,best-app,d-team     The url field of my web access log will seldom match exactly one of the ingresses, is it possible to have a lookup that finds the best matching ingress and adds the fields app and team to the log line? Or is there a better way of solving this problem?   Regards Terje Gravvold ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-10-2022 11:18 AM
Karma given to
View All