- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Integrating a series of flat values into Splunk
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I'm on the fish for ideas or anybody who has previous experience with this.
Essentially, we have two tables of (mostly) fixed data which we would like to 'teach' Splunk (for want of a better term).
To put it in context we have throughput files that report a transaction ID and a transaction time, Splunk grabs these fields no problem. Elsewhere in some flat tables we have transaction names (that relate to an ID) and a time threshold for each transaction time.
Is there anyway we can bring this data into the mix? If Splunk can know about the average for each transactions, and compare to the actual times (our main concern) and if it could line up the arbitrary transactions ID's with the meaningful names it would make analysis of the logs inifnitely more useful.
I'm a bit of a Splunk noob (actually, a lot of one) so sorry if there is precedent for this or some glaringly obvious answer. Really just looking for any sort of starting point.
Thanks in advance for any advice you can give. I can elaborate further if need be.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not "100%" sure what you mean by flat tables, but it sounds like what you are looking for is splunk's lookup mechanism, which is new in Splunk 4.x.
You have two different options for lookups:
- Simple flat file (*.csv)
- Scripted lookups (you write a small python script which does the heavy-lifting; which lets you do whatever kind of lookup you'd need, like a SQL query, internet lookup, or whatever else you need.)
Docs:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not "100%" sure what you mean by flat tables, but it sounds like what you are looking for is splunk's lookup mechanism, which is new in Splunk 4.x.
You have two different options for lookups:
- Simple flat file (*.csv)
- Scripted lookups (you write a small python script which does the heavy-lifting; which lets you do whatever kind of lookup you'd need, like a SQL query, internet lookup, or whatever else you need.)
Docs:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great. If this answers your question, you can indicate so by click the check mark on the side.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Lowell, this is indeed what we were looking for!
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
