Splunk: dynamic queries using data from a CSV lookup table
2022-07-07 08:23:00 【QYHuiiQ】
In an application, we may have some data that needs to be managed dynamically, and we want SPL to run queries based on that data. In other words, where we previously wrote the query condition directly after | search, we now want to define the condition in a lookup first and then append that condition from the lookup after | search. Of course, this approach is not limited to | search; it can also be used after various other Splunk commands. | search is used as the example here only because it makes the feature easier to walk through.
Take the following case as an example:
In exams held by a school, some exams are harder and some are easier, so each time we grade students' results we need to judge them against the difficulty of that exam rather than simply using 60 as the passing line for every exam. We can therefore put this dynamic grading condition in a lookup table and modify the lookup table after each exam to grade the students.
- Create the lookup table
| makeresults
| eval level_condition="grade>80",subject="Math"
| fields - _time
| outputlookup level.csv
- Test data
| makeresults
| eval name="Sam",grade="85",subject="Math"
| table name,grade,subject
- Use the condition from the lookup table as the filter condition
| makeresults
| eval name="Sam",grade="85",subject="Math"
| search
[| inputlookup level.csv
| eval standard=level_condition." AND subject=".subject
| return $standard]
| fields - _time
You can see that the filter condition takes effect:
So in general, to take data from a lookup table dynamically and reference it directly in SPL, you need to process the lookup data into SPL syntax that can be referenced directly, and then use return $fieldname to place it after the Splunk command.
You can see the result of the string concatenated from the lookup table:
Of course, this is just a simple example; in practice you can implement more complex logic according to your own business needs.
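Because the text stored in level_condition and subject becomes part of the search itself, it is worth checking the CSV before it is saved as the lookup. The following Python check is an added example, not part of the original post; the allowed grammar (a single numeric comparison on grade, a one-word subject) and the sample rows are assumptions.

```python
import csv
import io
import re

# Assumed grammar for this page's lookup: one numeric comparison on "grade".
CONDITION_RE = re.compile(r"grade(>=|<=|!=|>|<|=)\d{1,3}")
# Assumed: subject is a single word, because the search uses it unquoted.
SUBJECT_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")


def build_filters(csv_text):
    """Return (filters, rejected) for the rows of a level.csv file.

    filters  -- the strings the subsearch's eval would produce
    rejected -- (line_number, reason) for rows that must not reach the search
    """
    filters, rejected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {"level_condition", "subject"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"lookup is missing columns: {sorted(missing)}")
    for row in reader:
        condition = (row["level_condition"] or "").strip()
        subject = (row["subject"] or "").strip()
        if not CONDITION_RE.fullmatch(condition):
            rejected.append((reader.line_num, f"condition not allowed: {condition!r}"))
        elif not SUBJECT_RE.fullmatch(subject):
            rejected.append((reader.line_num, f"subject not allowed: {subject!r}"))
        else:
            # Same concatenation as: eval standard=level_condition." AND subject=".subject
            filters.append(f"{condition} AND subject={subject}")
    return filters, rejected


# Constructed sample input (not from the original page).
SAMPLE_CSV = """level_condition,subject
grade>80,Math
grade>=65,Physics
grade>80 OR grade<10,Math
passing,History
grade>70,Art History
"""

if __name__ == "__main__":
    accepted, refused = build_filters(SAMPLE_CSV)
    for text in accepted:
        print("accept:", text)
    for line, reason in refused:
        print(f"reject line {line}: {reason}")
```

Rows that fail the check should be fixed by whoever maintains the lookup rather than silently dropped, so the search never runs with a condition nobody reviewed.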