Hello,
I am not sure what I am doing wrong but logically I feel this search string should work however it isn't working.
S here is a description of what I am trying to do, I am trying to run a search of my data in Splunk, then output a field named DNS, then lookup each DNS field in a lookup csv file and where there is a match it should output the corresponding Owner. Here is the search string;
index=main sourcetype=ServerList dns=* | dedup dns | table dns | lookup ServerList.csv dns OUTPUT Owner | table dns Owner
What am I doing wrong here, I get the dns field but no Owner field is populated?
↧