Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using a .csv as part of a search

cpressl
New Member
‎03-04-2017 03:22 PM

New splunk user, trying to get my feet under me. here's the situation;

We have a rather large splunk deployment, and my group often does searches using phone number (TN). Some of our searches involve a lot of numbers, so the search is basically "WTN=0000000000 OR WTN=1111111111 OR..." repeated about a thousand times (not exaggerating, BTW). I've been told that it's easier and faster to use a lookup table instead, but all the reading on lookup tables I've found seem to indicate that adding the .csv makes it more or less a permanent addition to the splunk data, not to mention that the whole process seems kinda convoluted for a simple (and often one-time) search.

Basically, what I'd like to do is be able to say "search index x for the TNs in this .csv, and return these fields" more or less on the fly, without adding a lot of data to splunk that will most likely never be used again. Is there an easy way to do this? Thanks!

0 Karma
Reply

woodcock
Esteemed Legend
‎03-05-2017 01:15 AM

Let's assume that you have a lookup file called WTN.csv which has a header line that says only WTN. You can skip all WTNs in the file like this:

Your Search Here NOT [|inputscsv WTN.csv]
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...