Hello!
I have been looking for a way to report or dashboard based on this scenario. I have 3 different lookup tables:
Table 1: Key field IP Address, with field 2, field 3, field 4, etc.
Table 2: Key field IP Address, with field 5, field 6, field 7 etc.
Table 3: Key field IP Address, with field 8, field 9 and field 10.
How can I report/dashboard to show something like:
IP address, field 2, field3, field 4, field5, field6, ....field 10?
Thanks in advance for any assistance you can provide as I have been unsuccessfully trying this for quite so long. These tables are been automatically generated by Splunk grabbing data from different sources so I would avoid the manual process of just manually downloading this and consolidate it 🙂
You can do like this
| inputlookup YourLookupTable1.csv | table IP_ADDRESS field2 field3 field4
| lookup YourLookupTable2.csv IP_ADDRESS OUTPUT field5 field6 field7
| lookup YourLookupTable3.csv IP_ADDRESS OUTPUT field8 field9 field10
I found it...sorry, I needed to use AS to match IP Address from Table 1 and Table 2.
Many thanks!!
You can do like this
| inputlookup YourLookupTable1.csv | table IP_ADDRESS field2 field3 field4
| lookup YourLookupTable2.csv IP_ADDRESS OUTPUT field5 field6 field7
| lookup YourLookupTable3.csv IP_ADDRESS OUTPUT field8 field9 field10
Thanks for your reply. I was just trying what you've suggested. So for a particular IP address, I want to list all the fields in the 3 different lookups I have. Is there any match or Join I need to do to get that?