All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to do a bulk phone number search and return corresponding required field

goken
New Member
‎04-05-2019 10:12 PM

Hi Splunkers,

Please help me,

I have a search as below:

| inputlookup bbextract.csv
| search bbfnn=xxxxxxxxx
| fields bbkenan

bbfnn= phone number
bbnbnfnn= nbn phone number
bbkenan= account number

My problem is bbfnn field can also be bbnbnfnn and I would like to to a bulk search.
So example I would enter example x10 phone numbers amd would like it to return the corresponding account numbers.

Is anyone able to assist?

Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎04-07-2019 11:15 PM

Forget about your attempts to implement a solution. Show us your sample events, show us your desired text input, and show us a mockup of your desired result. Then describe the logic that goes with it.

0 Karma
Reply

vbumgarner
Contributor
‎04-06-2019 10:13 AM

I think you just need to use OR. 

...
| search bbfnn=xxxxx OR bbnbnfnn=xxxxx OR bbkenan=xxxxx

If your data is actually in a lookup, inputlookup does support filters, which will be more efficient that piping through search.

https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Inputlookup

If your data is NOT in a lookup, then a query that contains the bare word can help your query efficiency, as well.

index=foo (xxxxx AND ( bbfnn=xxxxx OR bbnbnfnn=xxxxx OR bbkenan=xxxxx ) )
0 Karma
Reply

goken
New Member
‎04-07-2019 01:32 AM

Hi Vbumgarner,

Appreciate your solution.

Is there a way I can combine the x2 fields bbfnn and bbnbnfnn into one column?

Your method works but what if I need to enter a large amount of numbers to search?

My end goal is to create a dashboard where I can past x numbers (100+) and run the search.

Currently, I have a dash board where I am able to execute this but restricted to only being able to search the field bbfnn.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...