Splunk: dynamic queries driven by CSV lookup table data
2022-07-07 08:23:00 【QYHuiiQ】
In practice, we sometimes have data that needs to be managed dynamically, and we want SPL to run queries based on it. Previously we might have written the query condition directly after | search; now we want to define the condition in a lookup first and then append that condition from the lookup after | search. Of course, this approach is not limited to | search; it can also be used after other Splunk commands. | search is used as the example here only because it makes the functionality easy to lay out.
Take the following case as an example:
In exams held by a school, some exams are harder and some are easier, so each time we grade students' results we need to take the difficulty of that exam into account rather than simply using 60 as the passing line for every exam. We can therefore put this dynamic grading rule in a lookup table and modify the lookup table after each exam to grade the students' results.
- Create the lookup table
| makeresults
| eval level_condition="grade>80",subject="Math"
| fields - _time
| outputlookup level.csv
- Test data
| makeresults
| eval name="Sam",grade="85",subject="Math"
| table name,grade,subject
- Use the condition in the lookup table as the filter condition
| makeresults
| eval name="Sam",grade="85",subject="Math"
| search
[| inputlookup level.csv
| eval standard=level_condition." AND subject=".subject
| return $standard]
| fields - _time
You can see that the filter condition takes effect:


So in general, to take data fetched dynamically from a lookup table and reference it directly in SPL, you need to process the lookup data into SPL syntax that can be referenced directly, and then use return $fieldname to place it after the Splunk command.
You can see the result of concatenating the lookup table fields:

Of course, this is just a simple example. In practice you can apply more complex logic according to your own business needs.
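Because the subsearch splices the text of level.csv into the search as SPL, whoever edits the lookup decides what the filter is. The following added example (not code from the original post) checks each row before the lookup is deployed and builds the same string as the eval above. The allowed grammar and the names validate_lookup, build_standard and SAMPLE_LEVEL_CSV are assumptions made for illustration.

```python
import csv
import io
import re

# Assumed policy (not from the original post): a condition is exactly one
# comparison of `grade` against an integer, and a subject is a plain word.
CONDITION_RE = re.compile(r"grade\s*(>=|<=|>|<|=)\s*\d{1,3}")
SUBJECT_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def build_standard(cond, subj):
    # Same concatenation as the post's eval: condition, " AND subject=", subject.
    return f"{cond} AND subject={subj}"


def validate_lookup(csv_text):
    # Returns (accepted search fragments, rejected rows as (line number, reason)).
    accepted, rejected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for lineno, row in enumerate(reader, start=2):  # line 1 is the header
        cond = (row.get("level_condition") or "").strip()
        subj = (row.get("subject") or "").strip()
        if not CONDITION_RE.fullmatch(cond):
            rejected.append((lineno, "level_condition is not a single grade comparison"))
        elif not SUBJECT_RE.fullmatch(subj):
            rejected.append((lineno, "subject is not a plain identifier"))
        else:
            accepted.append(build_standard(cond, subj))
    return accepted, rejected


# Constructed sample of level.csv. Line 2 is the row from the post. Line 3
# carries a second comparison, and line 4 has a subject with a space, which
# would reach the search as an extra bare term after subject=Art.
SAMPLE_LEVEL_CSV = """level_condition,subject
grade>80,Math
grade>80 OR grade<100,Math
grade>=60,Art History
"""

if __name__ == "__main__":
    ok, bad = validate_lookup(SAMPLE_LEVEL_CSV)
    print("accepted:", ok)
    print("rejected:", bad)
```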