Splunk query CSV lookup table data dynamic query
2022-07-07 08:23:00 【QYHuiiQ】
In applications, we may encounter data that needs to be managed dynamically, and want SPL queries to run dynamically based on that data. In the past we might have put the query condition directly after | search. Now we want to define the condition in a lookup first, and then append that condition from the lookup after | search. Of course, this technique is not limited to | search; it can also be used after various other Splunk commands. | search is used as the example here only because it is convenient for walking through the functionality.
Take the following case as an example:
In the exams held by a school, some exams are harder and some are easier, so each time we grade students' results we need to evaluate them according to the difficulty of the exam, instead of simply using 60 as the passing line for every exam. We can therefore put this dynamic rating condition in a lookup table, and modify the lookup table after each exam to evaluate the students' grades.
- Create the lookup table
| makeresults
| eval level_condition="grade>80",subject="Math"
| fields - _time
| outputlookup level.csv
- Test data
| makeresults
| eval name="Sam",grade="85",subject="Math"
| table name,grade,subject
- Use the condition in the lookup table as the filter condition
| makeresults
| eval name="Sam",grade="85",subject="Math"
| search
[| inputlookup level.csv
| eval standard=level_condition." AND subject=".subject
| return $standard]
| fields - _time
You can see that the filter condition takes effect:
So in general, to reference data from a lookup table directly in SPL, you need to process the data in the lookup so that it forms SPL syntax that can be referenced directly, and then use return $fieldname to place it after the Splunk command.
You can see the result of concatenating the lookup table values:
Of course, this is just a simple example. In practice you can implement more complex logic according to your own business needs.
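Because the value returned by return $standard becomes part of the search as-is, whoever can edit level.csv controls the filter. The following is an added example (not code from the original post): a Python check that could be run on the CSV before the lookup is updated. The allowed field set, the condition grammar and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumed allowlist grammar: <field><comparison><number>, e.g. "grade>80".
CONDITION_RE = re.compile(
    r"\s*([A-Za-z_][A-Za-z0-9_]*)\s*(>=|<=|!=|>|<|=)\s*(\d+(?:\.\d+)?)\s*")
SUBJECT_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
ALLOWED_FIELDS = {"grade"}  # assumption: only grade may be compared


def build_standard(row):
    """Mirror eval standard=level_condition." AND subject=".subject,
    but only for values that match the allowlist grammar."""
    cond = CONDITION_RE.fullmatch(row.get("level_condition") or "")
    if cond is None or cond.group(1) not in ALLOWED_FIELDS:
        raise ValueError("level_condition is not <field><op><number>")
    subject = row.get("subject") or ""
    if SUBJECT_RE.fullmatch(subject) is None:
        raise ValueError("subject is not a plain identifier")
    field, op, number = cond.groups()
    return f"{field}{op}{number} AND subject={subject}"


def check_lookup(csv_text):
    """Return (accepted search fragments, [(csv line number, reason)])."""
    accepted, rejected = [], []
    rows = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(rows, start=2):  # line 1 is the header
        try:
            accepted.append(build_standard(row))
        except ValueError as err:
            rejected.append((line_no, str(err)))
    return accepted, rejected


# Constructed sample content for level.csv; the last row carries extra
# search syntax and must not reach the lookup.
SAMPLE_CSV = """level_condition,subject
grade>80,Math
grade>=60,English
grade>0 OR name=*,Math
"""

if __name__ == "__main__":
    ok, bad = check_lookup(SAMPLE_CSV)
    print("accepted:", ok)
    print("rejected:", bad)
```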