All-
I am new to Splunk and trying to figure out how to return the matched term while utilizing a CSV table with inputlookup. I just researched and found that inputlookup returns a Boolean response, making it impossible to return the matched term.
With that being said, is there any way to search a lookup table and return the matching term? I would imagine eval would do the trick, but I have not been successful in making it work.
I have tried the below:
index=proxysg sourcetype=proxysg_base [|inputlookup aterms.csv | return 10000 $aterms] | eval matchedterm=if( [|inputlookup aterms.csv | return 10000 $aterms], $aterms)
Thanks for the help!