Using a lookup table
Sometimes it is useful to use a lookup file to avoid having to use repetitive code. We'll
present an example here that will help us with the situation presented in the preceding
section. It would help us to have a list of all the small words that might be found often in a
tweet just by the nature of each word's frequent use in language, so that we might eliminate
them from our quest to find words that would be relevant for use in the creation of
advertising. If we had a file of such small words, we could use a command indicating not to use
any of these more common, irrelevant words when listing the top 30 words associated with
our search topic of interest. Thus, for our search for words associated with the text
"coffee", we would be interested in words like "dark", "flavorful", and "strong", but not words
like "a", "the", and "then".
We can do this using a lookup command. There are three types of lookup commands,
which are presented in the following table:
Command / Description

lookup
Matches a value of one field with a value of another, based on a .csv file with the two fields.
Consider a lookup table named lutable that contains fields for machine_name and owner. Consider
what happens when the following code snippet is used after a preceding search (indicated by . . . |):
    . . . | lookup lutable owner
Splunk will use the lookup table to match the owner's name with its machine_name and add the
machine_name to each event.

inputlookup
All fields in the .csv file are returned as results. If the following code snippet is used, both
machine_name and owner would be searched:
    . . . | inputlookup lutable

outputlookup
This code outputs search results to a lookup table. The following code outputs results from the
preceding search directly into a table it creates:
    . . . | outputlookup newtable.csv
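
As an added example (not taken from the original text), the two searches below apply these commands to the coffee word-filtering goal described at the top of this section: the first writes a small stop-word lookup with outputlookup, and the second reads it back with inputlookup inside a subsearch to drop those words before listing the top 30. The index name tweets, the field name text, the file name commonwords.csv, and the short word list are all assumptions made for illustration.

```spl
| makeresults
| eval word=split("a,the,then", ",")
| mvexpand word
| table word
| outputlookup commonwords.csv

index=tweets text="*coffee*"
| eval word=split(lower(text), " ")
| mvexpand word
| search NOT [| inputlookup commonwords.csv | fields word]
| top limit=30 word
```

The subsearch expands to a list of word="..." conditions joined by OR, so the NOT clause removes every event whose word appears in the lookup file.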
The command we will use here is inputlookup, because we want to reference a .csv file we
can create that will include words that we want to filter out as we seek to find possible ad-