Hi Everyone,
I have run into a problem I am not able to easily solve with Splunk. I have a Splunk query that returns some data: user name, appname, and app time accessed. This returns results for all users.
I separately have a list of users. I am trying to find the fields listed above for the list of users. I have uploaded the list of users both as a file and as a lookup. I am not able to get the search to only return the list of users. Search info below. Thanks!
index=prod_index sourcetype=MySource | rex field=_raw "<<LOT OF COMPLEX REGEX>>(?<appname>[^]]) (?<userName>[^]])"
AND
|inputlookup UserList.csv | rename "Garbage Name" as userName
I cannot figure out how to get these two searches to merge. Any help would be great, thanks!