Hello,
I've created a DB connection to a SQL Server database that contains client names associated with client IDs we have in our Splunk logs. I would like to use this connection to pull Client names for our Splunk reports, but all information I see regarding the use of lookup tables includes using Python scripts. Is there an easier way than adding scripts?
Thank You
DB-backed lookups are part of the DB Connect app: http://apps.splunk.com/app/958/
To add to martin's answer, I think the best way to use db connect 1.x for lookups is to:
1) Create a db input that indexes the information into Splunk
2) Create a standard CSV-based lookup from the information indexed in step 1
3) Apply the lookup to the hosts/sources/sourcetypes that you want to annotate with the lookup information.