Solved: How to read a number, then convert to correspondin... - Splunk Community

Getting Data In

I am trying to extract a module/level ID from my logs and have splunk take that ID and match it to the corresponding name from a csv file and put that into a stats table, please help.

Thanks!

1 Solution

Solution

YourSearch | rex field=_raw max_match=0 "level ID":\"(?< ID>\d+)\""
| lookup file.csv level ID as ID OUTPUT corresponding_name
| table corresponding_name count

Save your .csv to lookup folder

file.csv

ID corresponding_name
1 A
2 B

This should work.

View solution in original post

Solution

YourSearch | rex field=_raw max_match=0 "level ID":\"(?< ID>\d+)\""
| lookup file.csv level ID as ID OUTPUT corresponding_name
| table corresponding_name count

Save your .csv to lookup folder

file.csv

ID corresponding_name
1 A
2 B

This should work.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutlookupsandfieldactions

You want to make and use a lookup

Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with another ...