Hi to all,
I'm using a CSV file to categorize event actions extracted from a log file.
I'm extracting the event action (i.e. getxxx) using a regular expression, then I use the lookup command to search for the action in the CSV file and to extract the related category.
Since the event action is like IP/getxxx and the IP is variable, I'd like to set the csv file like */getxxx in order to match for any IP, but the * in the csv file doesn't work.
How can I solve this?
Thanks,
Andrea
Hello,
Have a look at this answer:
https://answers.splunk.com/answers/52580/can-we-use-wildcard-characters-in-a-lookup-table.html
Another option: as long as you are extracting the action using a regex, why not extract it without the IP 🙂
Regards
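
The two options from this reply, written out as a Splunk lookup definition (an added example, not taken from the thread or the linked answer). The stanza name `action_categories`, the CSV file name, the field names `action` and `category`, the sample rows and the `rex` pattern are assumptions for illustration.

```ini
# transforms.conf
# Stanza name and file name are assumed for this example.
[action_categories]
filename = action_categories.csv
# Treat the "action" column of the CSV as a wildcard pattern,
# so a row such as "*/getxxx" matches <any IP>/getxxx.
match_type = WILDCARD(action)
# Return only the first matching row (rows are tried in file order),
# so put more specific patterns above more general ones.
max_matches = 1

# action_categories.csv (constructed sample rows)
#   action,category
#   */getxxx,read
#   */setxxx,write

# Option 1: wildcard lookup. Reference the lookup definition above,
# not the .csv file name, otherwise match_type is not applied:
#   ... | lookup action_categories action OUTPUT category

# Option 2: extract the action without the IP, so the CSV needs no
# wildcard (rows become "getxxx,read"). The pattern assumes the
# event contains <IPv4>/<action>:
#   ... | rex "\d{1,3}(?:\.\d{1,3}){3}/(?<action>\w+)"
#       | lookup action_categories action OUTPUT category
```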